cloud-api-adaptor: add unit tests to securecomms

Add unit tests and improve test facilities

Signed-off-by: David Hadas <david.hadas@gmail.com>

src/cloud-api-adaptor/cmd/agent-protocol-forwarder/main.go

@@ -84,6 +84,7 @@ func (cfg *Config) Setup() (cmd.Starter, error) {
 	}
 
 	if secureComms {
+		ppssh.Singleton()
 		cfg.listenAddr = "127.0.0.1:15150"
 		inbounds := append([]string{"B:KBS:8080"}, strings.Split(secureCommsInbounds, ",")...)
 		outbounds := append([]string{"K:KATAAPI:15150"}, strings.Split(secureCommsOutbounds, ",")...)

src/cloud-api-adaptor/pkg/securecomms/kubemgr/kubemgr.go

@@ -13,6 +13,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/kubernetes/fake"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/util/homedir"
@@ -27,16 +28,16 @@ const (
 )
 
 type KubeMgrStruct struct {
-	client        *kubernetes.Clientset
-	cocoNamespace string
+	Client        kubernetes.Interface //*kubernetes.Clientset
+	CocoNamespace string
 }
 
 var SkipVerify bool
 
-func InitKubeMgr() error {
+func InitKubeMgrInVitro() error {
 	var err error
 	KubeMgr = &KubeMgrStruct{
-		cocoNamespace: cocoNamespace,
+		CocoNamespace: cocoNamespace,
 	}
 
 	var kubeCfg *rest.Config
@@ -64,7 +65,7 @@ func InitKubeMgr() error {
 		kubeCfg.TLSClientConfig.CAData = nil
 	}
 
-	KubeMgr.client, err = kubernetes.NewForConfig(kubeCfg)
+	KubeMgr.Client, err = kubernetes.NewForConfig(kubeCfg)
 	if err != nil {
 		return fmt.Errorf("failed to configure KubeApi using config: %w", err)
 	}
@@ -74,7 +75,7 @@ func InitKubeMgr() error {
 func InitKubeMgrInVivo() error {
 	var err error
 	KubeMgr = &KubeMgrStruct{
-		cocoNamespace: cocoNamespace,
+		CocoNamespace: cocoNamespace,
 	}
 
 	var kubeCfg *rest.Config
@@ -84,15 +85,22 @@ func InitKubeMgrInVivo() error {
 		return fmt.Errorf("no Config found to access KubeApi! err: %w", err)
 	}
 
-	KubeMgr.client, err = kubernetes.NewForConfig(kubeCfg)
+	KubeMgr.Client, err = kubernetes.NewForConfig(kubeCfg)
 	if err != nil {
 		return fmt.Errorf("failed to configure KubeApi using config: %w", err)
 	}
 	return nil
 }
 
+func InitKubeMgrMock() {
+	KubeMgr = &KubeMgrStruct{
+		CocoNamespace: cocoNamespace,
+		Client:        fake.NewSimpleClientset(),
+	}
+}
+
 func (kubeMgr *KubeMgrStruct) ReadSecret(secretName string) (privateKey []byte, publicKey []byte, err error) {
-	secrets := kubeMgr.client.CoreV1().Secrets(kubeMgr.cocoNamespace)
+	secrets := kubeMgr.Client.CoreV1().Secrets(kubeMgr.CocoNamespace)
 	secret, err := secrets.Get(context.Background(), secretName, metav1.GetOptions{})
 	if err != nil {
 		return
@@ -104,7 +112,7 @@ func (kubeMgr *KubeMgrStruct) ReadSecret(secretName string) (privateKey []byte,
 }
 
 func (kubeMgr *KubeMgrStruct) DeleteSecret(secretName string) {
-	secrets := kubeMgr.client.CoreV1().Secrets(kubeMgr.cocoNamespace)
+	secrets := kubeMgr.Client.CoreV1().Secrets(kubeMgr.CocoNamespace)
 	if err := secrets.Delete(context.Background(), secretName, metav1.DeleteOptions{}); err != nil {
 		logger.Printf("DeleteSecret '%s' error %v", secretName, err)
 		return
@@ -134,10 +142,10 @@ func (kubeMgr *KubeMgrStruct) CreateSecret(secretName string) (privateKey []byte
 
 	privateKey = sshutil.RsaPrivateKeyPEM(clientPrivateKey)
 
-	secrets := kubeMgr.client.CoreV1().Secrets(kubeMgr.cocoNamespace)
+	secrets := kubeMgr.Client.CoreV1().Secrets(kubeMgr.CocoNamespace)
 	s := corev1.Secret{}
 	s.Name = secretName
-	s.Namespace = kubeMgr.cocoNamespace
+	s.Namespace = kubeMgr.CocoNamespace
 	s.Data = map[string][]byte{}
 	s.Data["privateKey"] = privateKey
 	s.Data["publicKey"] = publicKey

src/cloud-api-adaptor/pkg/securecomms/kubemgr/kubemgr_test.go

@@ -0,0 +1,34 @@
+package kubemgr
+
+import (
+	"slices"
+	"testing"
+)
+
+func TestSecrets(t *testing.T) {
+	InitKubeMgrMock()
+
+	privateKey1, publicKey1, err1 := KubeMgr.CreateSecret("XYZ")
+	if err1 != nil {
+		t.Error(err1)
+	}
+
+	privateKey2, publicKey2, err2 := KubeMgr.ReadSecret("XYZ")
+	if err1 != nil {
+		t.Error(err2)
+	}
+	_, _, err3 := KubeMgr.ReadSecret("ABC")
+	if err3 == nil {
+		t.Error("Expected error")
+	}
+
+	KubeMgr.DeleteSecret("XYZ")
+	KubeMgr.DeleteSecret("ABC")
+
+	if !slices.Equal(publicKey1, publicKey2) {
+		t.Error("publicKey not equal")
+	}
+	if !slices.Equal(privateKey1, privateKey2) {
+		t.Error("privateKey not equal")
+	}
+}

src/cloud-api-adaptor/pkg/securecomms/ppssh/ppssh.go

@@ -46,9 +46,7 @@ func k8sPhase(ctx context.Context, listener net.Listener, inbounds sshproxy.Inbo
 			peer = nil
 			continue
 		}
-		peer.AddOutbounds(outbounds)
-		err = peer.AddInbounds(inbounds)
-		if err != nil {
+		if err := peer.AddTags(inbounds, outbounds); err != nil {
 			logger.Fatalf("Failed addInbounds during k8sPhase: %s", err)
 		}
 		peer.Ready()
@@ -79,8 +77,7 @@ func attestationPhase(ctx context.Context, listener net.Listener, inbounds sshpr
 		}
 	}
 
-	peer.AddOutbounds(outbounds)
-	if err := peer.AddInbounds(inbounds); err != nil {
+	if err := peer.AddTags(inbounds, outbounds); err != nil {
 		logger.Fatal("Attastation Phase: failed to add Inbounds: ", err)
 	}
 	peer.Ready()
@@ -110,7 +107,6 @@ func attestationPhase(ctx context.Context, listener net.Listener, inbounds sshpr
 func InitSshServer(ctx context.Context, inbound_strings, outbounds_strings []string, getSecret GetSecret) {
 	logger.Printf("Using PP Secure Comms: InitSshServer version %s", sshutil.PpSecureCommsVersion)
 
-	Singleton()
 	var inbounds sshproxy.Inbounds
 	var outbounds sshproxy.Outbounds
 	var wg sync.WaitGroup
@@ -292,17 +288,3 @@ func AttestationSShService(ctx context.Context, nConn net.Conn) (*sshproxy.SshPe
 	peer := sshproxy.NewSshPeer(ctx, sshproxy.ATTESTATION, conn, chans, sshReqs, "")
 	return peer, nil
 }
-
-func CopyFile(source, dest string) {
-	input, err := os.ReadFile(source)
-	if err != nil {
-		logger.Printf("Error reading %s: %s", source, err.Error())
-		return
-	}
-
-	err = os.WriteFile(dest, input, 0644)
-	if err != nil {
-		logger.Printf("Error creating %s: %s", dest, err.Error())
-		return
-	}
-}