skip hardware key setup in tests

kolide · Mar 8, 2024 · 9a0a3e9 · 9a0a3e9
1 parent 2a6e787
commit 9a0a3e9
Show file tree

Hide file tree

Showing 4 changed files with 88 additions and 31 deletions.
diff --git a/ee/agent/keys.go b/ee/agent/keys.go
@@ -29,7 +29,7 @@ func LocalDbKeys() keyInt {
 	return localDbKeys
 }
 
-func SetupKeys(ctx context.Context, slogger *slog.Logger, store types.GetterSetterDeleter, initHardwareKeys bool) error {
+func SetupKeys(ctx context.Context, slogger *slog.Logger, store types.GetterSetterDeleter, skipHardwareKeys bool) error {
 	ctx, span := traces.StartSpan(ctx)
 	defer span.End()
 
@@ -43,7 +43,7 @@ func SetupKeys(ctx context.Context, slogger *slog.Logger, store types.GetterSett
 		return fmt.Errorf("setting up local db keys: %w", err)
 	}
 
-	if !initHardwareKeys {
+	if skipHardwareKeys {
 		return nil
 	}
 

diff --git a/ee/debug/shipper/shipper_test.go b/ee/debug/shipper/shipper_test.go
@@ -57,7 +57,7 @@ func TestShip(t *testing.T) { //nolint:paralleltest
 			name: "happy path with signing keys and enroll secret",
 			mockKnapsack: func(t *testing.T) *typesMocks.Knapsack {
 				configStore := inmemory.NewStore()
-				agent.SetupKeys(context.TODO(), multislogger.NewNopLogger(), configStore, false)
+				agent.SetupKeys(context.TODO(), multislogger.NewNopLogger(), configStore, true)
 
 				k := typesMocks.NewKnapsack(t)
 				k.On("EnrollSecret").Return("enroll_secret_value")

diff --git a/pkg/osquery/extension.go b/pkg/osquery/extension.go
@@ -92,6 +92,9 @@ type ExtensionOpts struct {
 	// RunDifferentialQueriesImmediately allows the client to execute a new query the first time it sees it,
 	// bypassing the scheduler.
 	RunDifferentialQueriesImmediately bool
+	// skipHardwareKeysSetup is a flag to indicate if we should skip setting up hardware keys.
+	// This is useful for testing environments where we don't have required hardware.
+	skipHardwareKeysSetup bool
 }
 
 // NewExtension creates a new Extension from the provided service.KolideService
@@ -125,7 +128,7 @@ func NewExtension(ctx context.Context, client service.KolideService, k types.Kna
 		return nil, fmt.Errorf("setting up initial launcher keys: %w", err)
 	}
 
-	if err := agent.SetupKeys(ctx, slogger, configStore, true); err != nil {
+	if err := agent.SetupKeys(ctx, slogger, configStore, opts.skipHardwareKeysSetup); err != nil {
 		return nil, fmt.Errorf("setting up agent keys: %w", err)
 	}
 

diff --git a/pkg/osquery/extension_test.go b/pkg/osquery/extension_test.go
@@ -70,7 +70,9 @@ func TestNewExtensionEmptyEnrollSecret(t *testing.T) {
 	m.On("ReadEnrollSecret").Maybe().Return("", errors.New("test"))
 
 	// We should be able to make an extension despite an empty enroll secret
-	e, err := NewExtension(context.TODO(), &mock.KolideService{}, m, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), &mock.KolideService{}, m, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	assert.Nil(t, err)
 	assert.NotNil(t, e)
 }
@@ -100,7 +102,9 @@ func TestNewExtensionDatabaseError(t *testing.T) {
 	m.On("ConfigStore").Return(agentbbolt.NewStore(multislogger.NewNopLogger(), db, storage.ConfigStore.String()))
 	m.On("Slogger").Return(multislogger.NewNopLogger()).Maybe()
 
-	e, err := NewExtension(context.TODO(), &mock.KolideService{}, m, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), &mock.KolideService{}, m, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	assert.NotNil(t, err)
 	assert.Nil(t, e)
 }
@@ -110,7 +114,9 @@ func TestGetHostIdentifier(t *testing.T) {
 	defer cleanup()
 
 	k := makeKnapsack(t, db)
-	e, err := NewExtension(context.TODO(), &mock.KolideService{}, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), &mock.KolideService{}, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 
 	ident, err := e.getHostIdentifier()
@@ -125,7 +131,9 @@ func TestGetHostIdentifier(t *testing.T) {
 	db, cleanup = makeTempDB(t)
 	defer cleanup()
 	k = makeKnapsack(t, db)
-	e, err = NewExtension(context.TODO(), &mock.KolideService{}, k, ExtensionOpts{})
+	e, err = NewExtension(context.TODO(), &mock.KolideService{}, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 
 	ident, err = e.getHostIdentifier()
@@ -140,7 +148,9 @@ func TestGetHostIdentifierCorruptedData(t *testing.T) {
 	db, cleanup := makeTempDB(t)
 	defer cleanup()
 	k := makeKnapsack(t, db)
-	e, err := NewExtension(context.TODO(), &mock.KolideService{}, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), &mock.KolideService{}, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 
 	// Put garbage UUID in DB
@@ -169,7 +179,9 @@ func TestExtensionEnrollTransportError(t *testing.T) {
 	defer cleanup()
 	k := makeKnapsack(t, db)
 
-	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 
 	key, invalid, err := e.Enroll(context.Background())
@@ -189,7 +201,9 @@ func TestExtensionEnrollSecretInvalid(t *testing.T) {
 	db, cleanup := makeTempDB(t)
 	k := makeKnapsack(t, db)
 	defer cleanup()
-	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 
 	key, invalid, err := e.Enroll(context.Background())
@@ -218,7 +232,9 @@ func TestExtensionEnroll(t *testing.T) {
 	expectedEnrollSecret := "foo_secret"
 	k.On("ReadEnrollSecret").Maybe().Return(expectedEnrollSecret, nil)
 
-	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 
 	key, invalid, err := e.Enroll(context.Background())
@@ -237,7 +253,9 @@ func TestExtensionEnroll(t *testing.T) {
 	assert.Equal(t, expectedNodeKey, key)
 	assert.Equal(t, expectedEnrollSecret, gotEnrollSecret)
 
-	e, err = NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err = NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 	// Still should not re-enroll (because node key stored in DB)
 	key, invalid, err = e.Enroll(context.Background())
@@ -271,7 +289,9 @@ func TestExtensionGenerateConfigsTransportError(t *testing.T) {
 	defer cleanup()
 	k := makeKnapsack(t, db)
 	k.ConfigStore().Set([]byte(nodeKeyKey), []byte("some_node_key"))
-	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 
 	configs, err := e.GenerateConfigs(context.Background())
@@ -292,7 +312,9 @@ func TestExtensionGenerateConfigsCaching(t *testing.T) {
 	db, cleanup := makeTempDB(t)
 	defer cleanup()
 	k := makeKnapsack(t, db)
-	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 
 	configs, err := e.GenerateConfigs(context.Background())
@@ -329,7 +351,9 @@ func TestExtensionGenerateConfigsEnrollmentInvalid(t *testing.T) {
 	db, cleanup := makeTempDB(t)
 	defer cleanup()
 	k := makeKnapsack(t, db)
-	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 	e.NodeKey = "bad_node_key"
 
@@ -356,7 +380,9 @@ func TestGenerateConfigs_CannotEnrollYet(t *testing.T) {
 	k.On("Slogger").Return(multislogger.NewNopLogger())
 	k.On("ReadEnrollSecret").Maybe().Return("", errors.New("test"))
 
-	e, err := NewExtension(context.TODO(), s, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), s, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 
 	configs, err := e.GenerateConfigs(context.Background())
@@ -385,7 +411,9 @@ func TestExtensionGenerateConfigs(t *testing.T) {
 	db, cleanup := makeTempDB(t)
 	defer cleanup()
 	k := makeKnapsack(t, db)
-	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 
 	configs, err := e.GenerateConfigs(context.Background())
@@ -404,7 +432,9 @@ func TestExtensionWriteLogsTransportError(t *testing.T) {
 	db, cleanup := makeTempDB(t)
 	defer cleanup()
 	k := makeKnapsack(t, db)
-	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 
 	err = e.writeLogsWithReenroll(context.Background(), logger.LogTypeSnapshot, []string{"foobar"}, true)
@@ -428,7 +458,9 @@ func TestExtensionWriteLogsEnrollmentInvalid(t *testing.T) {
 	db, cleanup := makeTempDB(t)
 	defer cleanup()
 	k := makeKnapsack(t, db)
-	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 	e.NodeKey = "bad_node_key"
 
@@ -457,7 +489,9 @@ func TestExtensionWriteLogs(t *testing.T) {
 	db, cleanup := makeTempDB(t)
 	defer cleanup()
 	k := makeKnapsack(t, db)
-	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 	e.NodeKey = expectedNodeKey
 
@@ -533,7 +567,9 @@ func TestExtensionWriteBufferedLogsEmpty(t *testing.T) {
 	k.On("Slogger").Return(multislogger.NewNopLogger()).Maybe()
 	k.On("ReadEnrollSecret").Maybe().Return("enroll_secret", nil)
 
-	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 
 	// No buffered logs should result in success and no remote action being
@@ -572,7 +608,9 @@ func TestExtensionWriteBufferedLogs(t *testing.T) {
 	k.On("Slogger").Return(multislogger.NewNopLogger()).Maybe()
 	k.On("ReadEnrollSecret").Maybe().Return("enroll_secret", nil)
 
-	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 
 	e.LogString(context.Background(), logger.LogTypeStatus, "status foo")
@@ -642,7 +680,9 @@ func TestExtensionWriteBufferedLogsEnrollmentInvalid(t *testing.T) {
 	k.On("Slogger").Return(multislogger.NewNopLogger())
 	k.On("ReadEnrollSecret").Maybe().Return("enroll_secret", nil)
 
-	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 
 	e.LogString(context.Background(), logger.LogTypeStatus, "status foo")
@@ -1009,7 +1049,9 @@ func TestExtensionGetQueriesTransportError(t *testing.T) {
 	db, cleanup := makeTempDB(t)
 	defer cleanup()
 	k := makeKnapsack(t, db)
-	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 
 	queries, err := e.GetQueries(context.Background())
@@ -1039,7 +1081,9 @@ func TestExtensionGetQueriesEnrollmentInvalid(t *testing.T) {
 	k.On("Slogger").Return(multislogger.NewNopLogger())
 	k.On("ReadEnrollSecret").Return("enroll_secret", nil)
 
-	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 	e.NodeKey = "bad_node_key"
 
@@ -1067,7 +1111,9 @@ func TestExtensionGetQueries(t *testing.T) {
 	db, cleanup := makeTempDB(t)
 	defer cleanup()
 	k := makeKnapsack(t, db)
-	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 
 	queries, err := e.GetQueries(context.Background())
@@ -1086,7 +1132,9 @@ func TestExtensionWriteResultsTransportError(t *testing.T) {
 	db, cleanup := makeTempDB(t)
 	defer cleanup()
 	k := makeKnapsack(t, db)
-	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 
 	err = e.WriteResults(context.Background(), []distributed.Result{})
@@ -1110,7 +1158,9 @@ func TestExtensionWriteResultsEnrollmentInvalid(t *testing.T) {
 	db, cleanup := makeTempDB(t)
 	defer cleanup()
 	k := makeKnapsack(t, db)
-	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 	e.NodeKey = "bad_node_key"
 
@@ -1133,7 +1183,9 @@ func TestExtensionWriteResults(t *testing.T) {
 	db, cleanup := makeTempDB(t)
 	defer cleanup()
 	k := makeKnapsack(t, db)
-	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	e, err := NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.Nil(t, err)
 
 	expectedResults := []distributed.Result{
@@ -1161,7 +1213,9 @@ func TestLauncherRsaKeys(t *testing.T) {
 	k.On("ConfigStore").Return(configStore)
 	k.On("Slogger").Return(multislogger.NewNopLogger())
 
-	_, err = NewExtension(context.TODO(), m, k, ExtensionOpts{})
+	_, err = NewExtension(context.TODO(), m, k, ExtensionOpts{
+		skipHardwareKeysSetup: true,
+	})
 	require.NoError(t, err)
 
 	key, err := PrivateRSAKeyFromDB(configStore)