testutil

package

v0.0.0-...-ce7e112 Latest Latest Go to latest Published: Jan 3, 2024 License: Apache-2.0, BSD-2-Clause, BSD-3-Clause, + 2 more Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/GoogleCloudPlatform/stet

Documentation ¶

Overview ¶

Package testutil contains utilities for unit tests.

Index ¶

Variables
func CRC32C(data []byte) uint32
func CreateEnabledCryptoKey(protectionLevel kmsrpb.ProtectionLevel, name string) *kmsrpb.CryptoKey
func CreateTempTokenFile(t *testing.T) string
func FakeKMSUnwrap(wrapped []byte, name string) []byte
func FakeKMSWrap(unwrapped []byte, name string) []byte
func ValidDecryptResponse(req *kmsspb.DecryptRequest) *kmsspb.DecryptResponse
func ValidEncryptResponse(req *kmsspb.EncryptRequest) *kmsspb.EncryptResponse
type FakeCloudEKMClient
- func (f *FakeCloudEKMClient) Close() error
- func (f *FakeCloudEKMClient) GetEkmConnection(ctx context.Context, req *ekmpb.GetEkmConnectionRequest, ...) (*ekmpb.EkmConnection, error)
type FakeKeyManagementClient
type FakeSecureSessionClient
type KEK
- func (k *KEK) URI() string

Constants ¶

This section is empty.

Variables ¶

View Source

var (

	// ExternalEKMURI is the external URI corresponding to ExternalKEK.
	ExternalEKMURI = "https://my-kms.io/external-key"

	// ExternalVPCBackend represents the ekmConnection for an External_VPC KEK.
	ExternalVPCBackend = "projects/test/locations/test/ekmConnection/testConn"
	// ExternalVPCHostname represents the external URI hostname for an External_VPC KEK.
	ExternalVPCHostname = "testvpchost"
	// ExternalVPCKeyPath represents the keyPath for an External_VPC KEK.
	ExternalVPCKeyPath = "api/v1/cckm/ekm/endpoints/testpath"
)

View Source

var (
	// SoftwareKEK represents a test KEK with the Software protection level.
	SoftwareKEK = newKEK("testSoftware", kmsrpb.ProtectionLevel_SOFTWARE)
	// HSMKEK represents a test KEK with the HSM protection level.
	HSMKEK = newKEK("testHsm", kmsrpb.ProtectionLevel_HSM)
	// ExternalKEK represents a test KEK with the External protection level.
	ExternalKEK = newKEK("testExternal", kmsrpb.ProtectionLevel_EXTERNAL)
	// VPCKEK represents a test KEK with the External_VPC protection level.
	VPCKEK = newKEK("testExternalVPC", kmsrpb.ProtectionLevel_EXTERNAL_VPC)
)

Functions ¶

func CRC32C ¶

func CRC32C(data []byte) uint32

CRC32C returns the Castagnoli CRC32 checksum of the given data.

func CreateEnabledCryptoKey ¶

func CreateEnabledCryptoKey(protectionLevel kmsrpb.ProtectionLevel, name string) *kmsrpb.CryptoKey

CreateEnabledCryptoKey creates a fake CryptoKey with the given protection level and name of the format "projects/*/locations/*/keyRings/*/cryptoKeys/*".

func CreateTempTokenFile ¶

func CreateTempTokenFile(t *testing.T) string

CreateTempTokenFile creates a temp directory/file as a stand-in for the attestation token.

func FakeKMSUnwrap ¶

func FakeKMSUnwrap(wrapped []byte, name string) []byte

FakeKMSUnwrap returns a fake unwrapped share.

func FakeKMSWrap ¶

func FakeKMSWrap(unwrapped []byte, name string) []byte

FakeKMSWrap returns a fake wrapped share.

func ValidDecryptResponse ¶

func ValidDecryptResponse(req *kmsspb.DecryptRequest) *kmsspb.DecryptResponse

ValidDecryptResponse returns a fake successful response for CloudKMS Decrypt.

func ValidEncryptResponse ¶

func ValidEncryptResponse(req *kmsspb.EncryptRequest) *kmsspb.EncryptResponse

ValidEncryptResponse returns a fake successful response for CloudKMS Encrypt.

Types ¶

type FakeCloudEKMClient ¶

type FakeCloudEKMClient struct {
	kms.EkmClient

	GetEkmConnectionFunc func(context.Context, *ekmpb.GetEkmConnectionRequest, ...gax.CallOption) (*ekmpb.EkmConnection, error)
}

FakeCloudEKMClient is a fake implementation of the GCP EKM client.

func (*FakeCloudEKMClient) Close ¶

func (f *FakeCloudEKMClient) Close() error

Close is a no-op. Needed to implement the EKM Client interface.

func (*FakeCloudEKMClient) GetEkmConnection ¶

func (f *FakeCloudEKMClient) GetEkmConnection(ctx context.Context, req *ekmpb.GetEkmConnectionRequest, opts ...gax.CallOption) (*ekmpb.EkmConnection, error)

GetEkmConnection calls GetEkmConnectionFunc if applicable. Otherwise returns error.

type FakeKeyManagementClient ¶

type FakeKeyManagementClient struct {
	kms.KeyManagementClient

	GetCryptoKeyFunc func(context.Context, *kmsspb.GetCryptoKeyRequest, ...gax.CallOption) (*kmsrpb.CryptoKey, error)
	EncryptFunc      func(context.Context, *kmsspb.EncryptRequest, ...gax.CallOption) (*kmsspb.EncryptResponse, error)
	DecryptFunc      func(context.Context, *kmsspb.DecryptRequest, ...gax.CallOption) (*kmsspb.DecryptResponse, error)
}

FakeKeyManagementClient is a fake version of Cloud KMS Key Management client.

func (*FakeKeyManagementClient) Close ¶

func (f *FakeKeyManagementClient) Close() error

Close is a no-op. Needed to implement the KMS Client interface.

func (*FakeKeyManagementClient) Decrypt ¶

func (f *FakeKeyManagementClient) Decrypt(ctx context.Context, req *kmsspb.DecryptRequest, opts ...gax.CallOption) (*kmsspb.DecryptResponse, error)

Decrypt calls DecryptFunc if applicable. Otherwise returns a fake Decrypt response.

func (*FakeKeyManagementClient) Encrypt ¶

func (f *FakeKeyManagementClient) Encrypt(ctx context.Context, req *kmsspb.EncryptRequest, opts ...gax.CallOption) (*kmsspb.EncryptResponse, error)

Encrypt calls EncryptFunc if applicable. Otherwise returns a fake Encrypt response.

func (*FakeKeyManagementClient) GetCryptoKey ¶

func (f *FakeKeyManagementClient) GetCryptoKey(ctx context.Context, req *kmsspb.GetCryptoKeyRequest, opts ...gax.CallOption) (*kmsrpb.CryptoKey, error)

type FakeSecureSessionClient ¶

type FakeSecureSessionClient struct {
	securesession.SecureSessionClient

	WrapErr       error
	UnwrapErr     error
	EndSessionErr error
}

FakeSecureSessionClient is a test version of a secure session client, used to communicate with external EKM.

func (*FakeSecureSessionClient) ConfidentialUnwrap ¶

func (f *FakeSecureSessionClient) ConfidentialUnwrap(_ context.Context, _, _ string, wrappedBlob []byte) ([]byte, error)

ConfidentialUnwrap removes the last byte of the wrapped share (mirroring ConfidentalWrap above).

func (*FakeSecureSessionClient) ConfidentialWrap ¶

func (f *FakeSecureSessionClient) ConfidentialWrap(_ context.Context, _, _ string, plaintext []byte) ([]byte, error)

ConfidentialWrap simulates wrapping a share by appending a single byte ('E') to the end of the plaintext to indicate external protection level.

func (*FakeSecureSessionClient) EndSession ¶

func (f *FakeSecureSessionClient) EndSession(ctx context.Context) error

EndSession is necessary to implement the SecureSessionClient interface.

type KEK ¶

type KEK struct {
	Name            string
	ProtectionLevel kmsrpb.ProtectionLevel
}

KEK contains basic information about test KEKs.

func (*KEK) URI ¶

func (k *KEK) URI() string

URI returns the KEK's CloudKMS URI by appending the GCP KMS prefix to the key name.

Source Files ¶

View all Source files

testutil.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL