Add test for non-trivial KBS policy #703
Conversation
fitzthum
force-pushed
the
reference-tests
branch
5 times, most recently
from
64637aa to
14ee77a
Compare
|
Btw, I have some follow-up commits to make the tests even nicer, but I figured this was enough for one PR. In the next iteration I will tweak the logic so that we can test out just about any policy by adding another case. |
|
cc @confidential-containers/trustee-maintainers This PR is not as big as it might look |
| assert!(secret.is_err()); | ||
| assert_eq!( | ||
| secret.unwrap_err().to_string(), | ||
| "request unauthorized".to_string() |
There was a problem hiding this comment.
This is not critical, but where does this string come from, and can it be made better (i.e. not a string comparison)?
There was a problem hiding this comment.
Yeah comparing errors in Rust is a little clunky and the way the client returns errors could be improved (normally it's just a cli so we didn't pay much attention to this). Probably beyond the scope of this PR tho.
fitzthum
force-pushed
the
reference-tests
branch
from
14ee77a to
ac4ff69
Compare
In order to set reference values from the integration tests, we need access to the rvps-tool as a crate, rather than a binary. This will also be useful if we want to add rvps functionality to the kbs-client or to the proposed trustee-ctl. To keep things simple, I just added the client as a new module in the existing crate rather than creating a new package like we do for kbs-client. Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
Our default policy expects the sample evidence to include a launch digest. We could remove this from the policy, but I'd like to keep it because it helps illustrate how the policy works. Ideally we would add this field to the evidence in the attester, but it doesn't seem worth it to make the extra changes for the sample evidence. Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
We had already separated the RVPS server implementation from the RVPS server binary, but we put this server implementation in the bin directory. This is no good for using the server without the binary, which is exactly what we need to do for the integration tests. So, let's move the server implementation into the crate itself. Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
It seems a bit more idiomatic to call this RvpsServer Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
This won't be an issue for people running the AS in a container, but if you run the AS as a process, it's very easy to be confused when the policy doesn't update. Add a warning in case there is already a policy there. Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
The LocalJson storage backend expects there to be json file (with an array in it) at a given location. In case it isn't there, let's write our own file with an empty array in it. Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
fitzthum
force-pushed
the
reference-tests
branch
from
ac4ff69 to
09f7a0f
Compare
integration-tests/src/common.rs
Outdated
| .join("resources") | ||
| .into_os_string() | ||
| .into_string() | ||
| .unwrap(); |
There was a problem hiding this comment.
Note that we are return a Result<T> for this function, maybe ? is good
integration-tests/src/common.rs
Outdated
| .join("as_policy") | ||
| .into_os_string() | ||
| .into_string() | ||
| .unwrap(); |
There was a problem hiding this comment.
Note that we are return a Result<T> for this function, maybe ? is good
integration-tests/src/common.rs
Outdated
| .join("reference_values") | ||
| .into_os_string() | ||
| .into_string() | ||
| .unwrap(); |
There was a problem hiding this comment.
Note that we are return a Result<T> for this function, maybe ? is good
|
|
||
| pub async fn query(address: String) -> Result<String> { | ||
| let mut client = ReferenceValueProviderServiceClient::connect(address).await?; | ||
| let req = tonic::Request::new(ReferenceValueQueryRequest {}); |
There was a problem hiding this comment.
Not related to this PR. bd7b1c8 defines no parameter to query the reference value, we need to define the key/group/te_id name for the reference values mapping then.
Up to now, the API query makes sense, but we need to change once the mapping is defined.
There was a problem hiding this comment.
Yeah good point. query_reference_value isn't the best name either. Maybe I will do a follow-up to just fix the names temporarily as we try to figure out what to do about reference values more generally.
Let's test a more complex policy where we need to set reference values. This means introducing the RVPS to the testing framework along with the RVPS tool. To handle this more complex test, let's make the test setup more robust. Right now we only have one test that uses the remote RVPS. When we introduce more tests that use the remote RVPS we'll need to double-check the robustness of the current framework. Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
fitzthum
force-pushed
the
reference-tests
branch
from
09f7a0f to
6855b11
Compare
Introduce a test to see if a more complex policy, specifically, this one:
It's still a relatively simple policy, but testing it took a lot of changes. For this policy to pass, the RVPS has to be working. I added support to the testing framework to start the RVPS and add RVs to it. I added a bunch of other stuff to the framework to hopefully make it more robust.
There were no major bugs in Trustee itself, but I made a few minor tweaks that should make things easier to use. I also had to make a couple changes to the RVPS so that the client and the server both could be used as crates.