Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make gpg tests more resilient #875

Merged
merged 3 commits into from
Feb 1, 2024
Merged

Make gpg tests more resilient #875

merged 3 commits into from
Feb 1, 2024

Conversation

eloquence
Copy link
Member

@eloquence eloquence commented Apr 5, 2023
edited by zenmonkeykstop
Loading

Status

Ready for review

Description of Changes

Fixes #874

  • Tests no longer fail if more than one key present
  • Test fails if no key present in local keyring

Changes proposed in this pull request:

Testing

  • Prior to testing, make clone from this branch in dom0.

  • Ensure you have a configured workstation and sd-journalist.sec and config.json present in dom0.

  • make test-gpg passes (if not, initial setup may have issues)

  • Replace dom0 sd-journalist.sec with a different key not provisioned in sd-gpg

  • make test-gpg fails

  • Import the new key manually on sd-gpg via gpg --import

  • make test-gpg passes

  • Remove the new key on sd-gpg via gpg --delete-secret-key and gpg--delete-key

  • make test-gpg fails

  • Restore original dom0 config

  • make test-gpg passes

@rocodes rocodes self-assigned this Apr 6, 2023
legoktm
legoktm reviewed Nov 17, 2023
View reviewed changes
tests/test_gpg.py Outdated

# Because we imported this key into a temporary directory,
# we should only have one key in the keyring.
if len(fingerprints) == 1:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a reason you didn't make this an assertion? Otherwise it seems like there needs to be an else case here that throws an exception or pytest.fails

tests/test_gpg.py Outdated
fingerprints = find_fps_from_gpg_output(p)

# Especially during development, sd-gpg may contain more than one key
if expected_fp and expected_fp in fingerprints:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

assert or else here as well

tests/test_gpg.py Outdated
local_fp = get_local_fp()
remote_fp = get_remote_fp(expected_fp=local_fp)

self.assertIsNotNone(local_fp, "Local key not found")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This covers what I mentioned above but I think it would be better for the assertions to be closer to what they are asserting.

legoktm
legoktm previously requested changes Nov 17, 2023
View reviewed changes
Copy link
Member

@legoktm legoktm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(per inline comments)

@zenmonkeykstop zenmonkeykstop assigned eloquence and unassigned rocodes Jan 17, 2024
@eloquence
Copy link
Member Author

Thanks Kunal, will pick this back up but need to reprov a 4.1 env first -- doing that part today, so may not get back to the PR til tomorrow.

@eloquence
Copy link
Member Author

From-scratch 4.1 reprovisioning completed without issues or errors, will poke this tomorrow :)

@eloquence
Make gpg tests more resilient
b3a892f 
- Succeed if expected key is present in sd-gpg
- Fail if no key is present locally or remotely
@eloquence
Remove outdated comment; tweak test
243230f
@eloquence eloquence force-pushed the gpg-tests branch 2 times, most recently from 66571e1 to eb5b6fe Compare January 20, 2024 00:50
@eloquence
Copy link
Member Author

eloquence commented Jan 20, 2024
edited
Loading

Thanks @legoktm - I've reorganized the file a bit, tell me what you think. I did not see a good reason to have the GPG test setup outside the class so it's integrated now. I've still tried to group the assertions in the test method but avoided the use of conditionals in the test helper.

@zenmonkeykstop zenmonkeykstop self-assigned this Jan 30, 2024
zenmonkeykstop
zenmonkeykstop approved these changes Feb 1, 2024
View reviewed changes
Copy link
Contributor

@zenmonkeykstop zenmonkeykstop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, test plan passes

@zenmonkeykstop zenmonkeykstop merged commit 4b1ebfb into main Feb 1, 2024
7 checks passed
@legoktm legoktm deleted the gpg-tests branch March 5, 2024 18:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zenmonkeykstop zenmonkeykstop zenmonkeykstop approved these changes

@legoktm legoktm legoktm left review comments

Assignees

@eloquence eloquence

@zenmonkeykstop zenmonkeykstop

Labels
None yet
Projects
SecureDrop dev cycle
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Make gpg key test more resilient
4 participants
@eloquence @legoktm @zenmonkeykstop @rocodes