tests: add positive tests for resource compression

Also verify hashes, to ensure that Ignition's decompress-before-verify semantics are maintained (#961).
coreos · Apr 9, 2020 · 3660e8c · 3660e8c
1 parent 082b454
commit 3660e8c
Show file tree

Hide file tree

Showing 4 changed files with 215 additions and 4 deletions.
diff --git a/tests/positive/files/remote.go b/tests/positive/files/remote.go
@@ -15,12 +15,16 @@
 package files
 
 import (
+	"strings"
+
 	"github.com/coreos/ignition/v2/tests/register"
+	"github.com/coreos/ignition/v2/tests/servers"
 	"github.com/coreos/ignition/v2/tests/types"
 )
 
 func init() {
 	register.Register(register.PositiveTest, CreateFileFromRemoteContentsHTTP())
+	register.Register(register.PositiveTest, CreateFileFromRemoteContentsHTTPCompressed())
 	register.Register(register.PositiveTest, CreateFileFromRemoteContentsHTTPUsingHeaders())
 	register.Register(register.PositiveTest, CreateFileFromRemoteContentsHTTPUsingHeadersWithRedirect())
 	register.Register(register.PositiveTest, CreateFileFromRemoteContentsHTTPUsingOverwrittenHeaders())
@@ -62,6 +66,45 @@ func CreateFileFromRemoteContentsHTTP() types.Test {
 	}
 }
 
+func CreateFileFromRemoteContentsHTTPCompressed() types.Test {
+	name := "files.create.http.compressed"
+	in := types.GetBaseDisk()
+	out := types.GetBaseDisk()
+	config := strings.Replace(`{
+	  "ignition": { "version": "$version" },
+	  "storage": {
+	    "files": [{
+	      "path": "/foo/bar",
+	      "contents": {
+	        "compression": "gzip",
+	        "source": "http://127.0.0.1:8080/contents_compressed",
+	        "verification": {
+	          "hash": "sha512-HASH"
+	        }
+	      }
+	    }]
+	  }
+	}`, "HASH", servers.ContentsHash, -1)
+	out[0].Partitions.AddFiles("ROOT", []types.File{
+		{
+			Node: types.Node{
+				Name:      "bar",
+				Directory: "foo",
+			},
+			Contents: "asdf\nfdsa",
+		},
+	})
+	configMinVersion := "3.1.0-experimental"
+
+	return types.Test{
+		Name:             name,
+		In:               in,
+		Out:              out,
+		Config:           config,
+		ConfigMinVersion: configMinVersion,
+	}
+}
+
 func CreateFileFromRemoteContentsHTTPUsingHeaders() types.Test {
 	name := "files.create.http.headers"
 	in := types.GetBaseDisk()

diff --git a/tests/positive/general/general.go b/tests/positive/general/general.go
@@ -26,10 +26,12 @@ func init() {
 	// TODO: Add S3 tests
 	register.Register(register.PositiveTest, ReformatFilesystemAndWriteFile())
 	register.Register(register.PositiveTest, ReplaceConfigWithRemoteConfigHTTP())
+	register.Register(register.PositiveTest, ReplaceConfigWithRemoteConfigHTTPCompressed())
 	register.Register(register.PositiveTest, ReplaceConfigWithRemoteConfigHTTPUsingHeaders())
 	register.Register(register.PositiveTest, ReplaceConfigWithRemoteConfigHTTPUsingHeadersWithRedirect())
 	register.Register(register.PositiveTest, ReplaceConfigWithRemoteConfigHTTPUsingOverwrittenHeaders())
 	register.Register(register.PositiveTest, AppendConfigWithRemoteConfigHTTP())
+	register.Register(register.PositiveTest, AppendConfigWithRemoteConfigHTTPCompressed())
 	register.Register(register.PositiveTest, AppendConfigWithRemoteConfigHTTPUsingHeaders())
 	register.Register(register.PositiveTest, AppendConfigWithRemoteConfigHTTPUsingHeadersWithRedirect())
 	register.Register(register.PositiveTest, AppendConfigWithRemoteConfigHTTPUsingOverwrittenHeaders())
@@ -123,6 +125,42 @@ func ReplaceConfigWithRemoteConfigHTTP() types.Test {
 	}
 }
 
+func ReplaceConfigWithRemoteConfigHTTPCompressed() types.Test {
+	name := "config.replace.http.compressed"
+	in := types.GetBaseDisk()
+	out := types.GetBaseDisk()
+	config := strings.Replace(`{
+	  "ignition": {
+	    "version": "$version",
+	    "config": {
+	      "replace": {
+	        "compression": "gzip",
+	        "source": "http://127.0.0.1:8080/config_compressed",
+			"verification": { "hash": "sha512-HASH" }
+	      }
+	    }
+	  }
+	}`, "HASH", servers.ConfigHash, 1)
+	configMinVersion := "3.1.0-experimental"
+	out[0].Partitions.AddFiles("ROOT", []types.File{
+		{
+			Node: types.Node{
+				Name:      "bar",
+				Directory: "foo",
+			},
+			Contents: "example file\n",
+		},
+	})
+
+	return types.Test{
+		Name:             name,
+		In:               in,
+		Out:              out,
+		Config:           config,
+		ConfigMinVersion: configMinVersion,
+	}
+}
+
 func ReplaceConfigWithRemoteConfigHTTPUsingHeaders() types.Test {
 	name := "config.replace.http.headers"
 	in := types.GetBaseDisk()
@@ -319,6 +357,55 @@ func AppendConfigWithRemoteConfigHTTP() types.Test {
 	}
 }
 
+func AppendConfigWithRemoteConfigHTTPCompressed() types.Test {
+	name := "config.merge.http.compressed"
+	in := types.GetBaseDisk()
+	out := types.GetBaseDisk()
+	config := strings.Replace(`{
+	  "ignition": {
+	    "version": "$version",
+	    "config": {
+	      "merge": [{
+	        "compression": "gzip",
+	        "source": "http://127.0.0.1:8080/config_compressed",
+			"verification": { "hash": "sha512-HASH" }
+	      }]
+	    }
+	  },
+      "storage": {
+        "files": [{
+          "path": "/foo/bar2",
+          "contents": { "source": "data:,another%20example%20file%0A" }
+        }]
+      }
+	}`, "HASH", servers.ConfigHash, 1)
+	configMinVersion := "3.1.0-experimental"
+	out[0].Partitions.AddFiles("ROOT", []types.File{
+		{
+			Node: types.Node{
+				Name:      "bar",
+				Directory: "foo",
+			},
+			Contents: "example file\n",
+		},
+		{
+			Node: types.Node{
+				Name:      "bar2",
+				Directory: "foo",
+			},
+			Contents: "another example file\n",
+		},
+	})
+
+	return types.Test{
+		Name:             name,
+		In:               in,
+		Out:              out,
+		Config:           config,
+		ConfigMinVersion: configMinVersion,
+	}
+}
+
 func AppendConfigWithRemoteConfigHTTPUsingHeaders() types.Test {
 	name := "config.merge.http.headers"
 	in := types.GetBaseDisk()

diff --git a/tests/positive/security/tls.go b/tests/positive/security/tls.go
@@ -21,6 +21,7 @@ import (
 	"net/http/httptest"
 
 	"github.com/coreos/ignition/v2/tests/register"
+	"github.com/coreos/ignition/v2/tests/servers"
 	"github.com/coreos/ignition/v2/tests/types"
 
 	"github.com/vincent-petithory/dataurl"
@@ -38,6 +39,7 @@ func init() {
 	register.Register(register.PositiveTest, AppendConfigCustomCert())
 	register.Register(register.PositiveTest, FetchFileCustomCert())
 	register.Register(register.PositiveTest, FetchFileCustomCertHTTP())
+	register.Register(register.PositiveTest, FetchFileCustomCertHTTPCompressed())
 	register.Register(register.PositiveTest, FetchFileCustomCertHTTPUsingHeaders())
 	register.Register(register.PositiveTest, FetchFileCustomCertHTTPUsingHeadersWithRedirect())
 	register.Register(register.PositiveTest, FetchFileCustomCertHTTPUsingOverwrittenHeaders())
@@ -224,6 +226,55 @@ func FetchFileCustomCertHTTP() types.Test {
 	}
 }
 
+func FetchFileCustomCertHTTPCompressed() types.Test {
+	name := "tls.fetchfile.http.compressed"
+	in := types.GetBaseDisk()
+	out := types.GetBaseDisk()
+	config := fmt.Sprintf(`{
+		"ignition": {
+			"version": "$version",
+			"security": {
+				"tls": {
+					"certificateAuthorities": [{
+						"compression": "gzip",
+						"source": "http://127.0.0.1:8080/certificates_compressed",
+						"verification": {
+							"hash": "sha512-%v"
+						}
+					}]
+				}
+			}
+		},
+		"storage": {
+			"files": [{
+				"path": "/foo/bar",
+				"contents": {
+					"source": %q
+				}
+			}]
+		}
+	}`, servers.PublicKeyHash, customCAServer.URL)
+	configMinVersion := "3.1.0-experimental"
+
+	out[0].Partitions.AddFiles("ROOT", []types.File{
+		{
+			Node: types.Node{
+				Directory: "foo",
+				Name:      "bar",
+			},
+			Contents: string(customCAServerFile),
+		},
+	})
+
+	return types.Test{
+		Name:             name,
+		In:               in,
+		Out:              out,
+		Config:           config,
+		ConfigMinVersion: configMinVersion,
+	}
+}
+
 func FetchFileCustomCertHTTPUsingHeaders() types.Test {
 	name := "tls.fetchfile.http.headers"
 	in := types.GetBaseDisk()

diff --git a/tests/servers/servers.go b/tests/servers/servers.go
@@ -16,6 +16,7 @@ package servers
 
 import (
 	"bytes"
+	"compress/gzip"
 	"crypto/sha512"
 	"encoding/hex"
 	"fmt"
@@ -61,10 +62,12 @@ AKbyaAqbChEy9CvDgyv6qxTYU+eeBImLKS3PH2uW5etc/69V/sDojqpH3hEffsOt
 -----END CERTIFICATE-----`)
 
 	// export these so tests don't have to hard-code them everywhere
-	configRawHash   = sha512.Sum512(servedConfig)
-	contentsRawHash = sha512.Sum512(servedContents)
-	ConfigHash      = hex.EncodeToString(configRawHash[:])
-	ContentsHash    = hex.EncodeToString(contentsRawHash[:])
+	configRawHash    = sha512.Sum512(servedConfig)
+	contentsRawHash  = sha512.Sum512(servedContents)
+	publicKeyRawHash = sha512.Sum512(servedPublicKey)
+	ConfigHash       = hex.EncodeToString(configRawHash[:])
+	ContentsHash     = hex.EncodeToString(contentsRawHash[:])
+	PublicKeyHash    = hex.EncodeToString(publicKeyRawHash[:])
 )
 
 // HTTP Server
@@ -80,6 +83,30 @@ func (server *HTTPServer) Certificates(w http.ResponseWriter, r *http.Request) {
 	w.Write(servedPublicKey)
 }
 
+func compress(contents []byte) []byte {
+	var buf bytes.Buffer
+	w := gzip.NewWriter(&buf)
+	if _, err := w.Write(contents); err != nil {
+		panic(err)
+	}
+	if err := w.Close(); err != nil {
+		panic(err)
+	}
+	return buf.Bytes()
+}
+
+func (server *HTTPServer) ConfigCompressed(w http.ResponseWriter, r *http.Request) {
+	w.Write(compress(servedConfig))
+}
+
+func (server *HTTPServer) ContentsCompressed(w http.ResponseWriter, r *http.Request) {
+	w.Write(compress(servedContents))
+}
+
+func (server *HTTPServer) CertificatesCompressed(w http.ResponseWriter, r *http.Request) {
+	w.Write(compress(servedPublicKey))
+}
+
 func errorHandler(w http.ResponseWriter, message string) {
 	w.WriteHeader(http.StatusBadRequest)
 	w.Write([]byte(message))
@@ -227,16 +254,19 @@ type HTTPServer struct{}
 
 func (server *HTTPServer) Start() {
 	http.HandleFunc("/contents", server.Contents)
+	http.HandleFunc("/contents_compressed", server.ContentsCompressed)
 	http.HandleFunc("/contents_headers", server.ContentsHeaders)
 	http.HandleFunc("/contents_headers_redirect", server.ContentsRedirect)
 	http.HandleFunc("/contents_headers_redirected", server.ContentsRedirected)
 	http.HandleFunc("/contents_headers_overwrite", server.ContentsHeadersOverwrite)
 	http.HandleFunc("/certificates", server.Certificates)
+	http.HandleFunc("/certificates_compressed", server.CertificatesCompressed)
 	http.HandleFunc("/certificates_headers", server.CertificatesHeaders)
 	http.HandleFunc("/certificates_headers_redirect", server.CertificatesRedirect)
 	http.HandleFunc("/certificates_headers_redirected", server.CertificatesRedirected)
 	http.HandleFunc("/certificates_headers_overwrite", server.CertificatesHeadersOverwrite)
 	http.HandleFunc("/config", server.Config)
+	http.HandleFunc("/config_compressed", server.ConfigCompressed)
 	http.HandleFunc("/config_headers", server.ConfigHeaders)
 	http.HandleFunc("/config_headers_redirect", server.ConfigRedirect)
 	http.HandleFunc("/config_headers_redirected", server.ConfigRedirected)