CHEF-3162: Implement unit test for inspec-sign plugin (#6959)

* test: add unit test for inspec sign #profile_verify Signed-off-by: Sonu Saha <sonu.saha@progress.com> * enhance: add support for custom config dir to be used during testing Signed-off-by: Sonu Saha <sonu.saha@progress.com> * test: add unit test for inspec sign #keygen and #profile_sign Signed-off-by: Sonu Saha <sonu.saha@progress.com> * test: remove test for profile sign Signed-off-by: Sonu Saha <sonu.saha@progress.com> * test: add test for methods in inspec sign Signed-off-by: Sonu Saha <sonu.saha@progress.com> --------- Signed-off-by: Sonu Saha <sonu.saha@progress.com>
2024-11-10 07:04:15 +00:00 · 2024-02-02 15:11:20 +05:30 · 2024-02-02 15:11:20 +05:30 · 16a74f39ae
commit 16a74f39ae
parent 42c7f3e46b
3 changed files with 64 additions and 4 deletions
--- a/lib/inspec/iaf_file.rb
+++ b/lib/inspec/iaf_file.rb
@ -34,8 +34,9 @@ module Inspec
      raise Inspec::Exceptions::ProfileValidationKeyNotFound.new("Validation key #{keyname} not found")
    end

-    def self.find_signing_key(keyname)
-      [".", File.join(Inspec.config_dir, "keys")].each do |path|
+    def self.find_signing_key(keyname, config_dir = nil)
+      config_dir ||= Inspec.config_dir
+      [".", File.join(config_dir, "keys")].each do |path|
        filename = File.join(path, "#{keyname}.pem.key")
        return filename if File.exist?(filename)
      end
--- a/lib/plugins/inspec-sign/lib/inspec-sign/base.rb
+++ b/lib/plugins/inspec-sign/lib/inspec-sign/base.rb
@ -32,7 +32,10 @@ module InspecPlugins
      def self.keygen(options)
        key = KEY_ALG.new KEY_BITS

-        path = File.join(Inspec.config_dir, "keys")
+        # config_dir is the directory where the keys will be stored.
+        # options["config_dir"] is passed explicitly only for testing purposes.
+        config_dir = options["config_dir"] || Inspec.config_dir
+        path = File.join(config_dir, "keys")
        FileUtils.mkdir_p(path)

        puts "Generating signing key in #{path}/#{options["keyname"]}.pem.key"
@ -54,7 +57,7 @@ module InspecPlugins
        end

        puts "Signing #{profile_path} with key #{options["keyname"]}"
-        keypath = Inspec::IafFile.find_signing_key(options["keyname"])
+        keypath = Inspec::IafFile.find_signing_key(options["keyname"], options["config_dir"])

        # Read name and version from metadata and use them to form the filename
        profile_md = artifact.read_profile_metadata(profile_path)
--- a/test/unit/inspec_sign_test.rb
+++ b/test/unit/inspec_sign_test.rb
@ -0,0 +1,56 @@
+require "helper"
+require "plugins/inspec-sign/lib/inspec-sign/base"
+require "stringio"
+require "tmpdir"
+
+describe InspecPlugins::Sign::Base do
+  let(:fixture_dir) { File.join(Dir.pwd, "test", "fixtures") }
+  let(:signed_iaf_profile) { File.join(fixture_dir, "test-inspec-profile-0.1.0.iaf") }
+  describe "verify" do
+    it "should verify a signed profile" do
+      out = InspecPlugins::Sign::Base.profile_verify(signed_iaf_profile, true)
+      _ { out }.must_be_silent
+    end
+  end
+
+  describe "key generate" do
+    before do
+      $stdout = StringIO.new
+    end
+
+    after do
+      $stdout = STDOUT
+    end
+
+    Dir.mktmpdir do |dir|
+      opts = { "config_dir" => dir, "keyname" => "test" }
+      it "should generate keys" do
+        InspecPlugins::Sign::Base.keygen(opts)
+        _(File.exist?(File.join(dir, "keys", "test.pem.key"))).must_equal true
+        _(File.exist?(File.join(dir, "keys", "test.pem.pub"))).must_equal true
+      end
+    end
+  end
+
+  let(:profile_path) { File.join(fixture_dir, "profiles", "basic_profile") }
+  let(:base) { InspecPlugins::Sign::Base.new }
+  describe "read_profile_metadata" do
+    it "should read the metadata of the given profile and return content" do
+      _(base.read_profile_metadata(profile_path)).must_be_kind_of Hash
+      _(base.read_profile_metadata(profile_path)).must_include "name"
+    end
+  end
+
+  describe "write_profile_content_id" do
+    it "should write the content id to the inspec.yml" do
+      Dir.mktmpdir do |dir|
+        tmp_profile_path = File.join(dir, "basic_profile")
+        FileUtils.cp_r profile_path, tmp_profile_path
+
+        base.write_profile_content_id(tmp_profile_path, "test-content-id")
+        _(base.read_profile_metadata(tmp_profile_path)["profile_content_id"]).must_equal "test-content-id"
+      end
+    end
+  end
+
+end