storj/storagenode/trust/service_test.go

// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.

package trust_test

import (
	"context"
	"crypto/x509"
	"errors"
	"fmt"
	"sync"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"go.uber.org/zap/zaptest"

	"storj.io/common/identity"
	"storj.io/common/storj"
	"storj.io/common/testcontext"
	"storj.io/common/testrand"
	"storj.io/storj/storagenode/trust"
)

func TestPoolRequiresCachePath(t *testing.T) {
	log := zaptest.NewLogger(t)
	_, err := trust.NewPool(log, newFakeIdentityResolver(), trust.Config{}, nil)
	require.EqualError(t, err, "trust: cache path cannot be empty")
}

func TestPoolVerifySatelliteID(t *testing.T) {
	ctx, pool, source, _ := newPoolTest(t)
	defer ctx.Cleanup()

	id := testrand.NodeID()

	// Assert the ID is not trusted
	err := pool.VerifySatelliteID(context.Background(), id)
	require.EqualError(t, err, fmt.Sprintf("trust: satellite %q is untrusted", id))

	// Refresh the pool with the new trust entry
	source.entries = []trust.Entry{
		{
			SatelliteURL: trust.SatelliteURL{
				ID:   id,
				Host: "foo.test",
				Port: 7777,
			},
		},
	}
	require.NoError(t, pool.Refresh(context.Background()))

	// Assert the ID is now trusted
	err = pool.VerifySatelliteID(context.Background(), id)
	require.NoError(t, err)

	// Refresh the pool after removing the trusted satellite
	source.entries = nil
	require.NoError(t, pool.Refresh(context.Background()))

	// Assert the ID is no longer trusted
	err = pool.VerifySatelliteID(context.Background(), id)
	require.EqualError(t, err, fmt.Sprintf("trust: satellite %q is untrusted", id))
}

func TestPoolGetSignee(t *testing.T) {
	id := testrand.NodeID()
	url := trust.SatelliteURL{
		ID:   id,
		Host: "foo.test",
		Port: 7777,
	}

	ctx, pool, source, resolver := newPoolTest(t)
	defer ctx.Cleanup()

	// ID is untrusted
	_, err := pool.GetSignee(context.Background(), id)
	require.EqualError(t, err, fmt.Sprintf("trust: satellite %q is untrusted", id))

	// Refresh the pool with the new trust entry
	source.entries = []trust.Entry{{SatelliteURL: url}}
	require.NoError(t, pool.Refresh(context.Background()))

	// Identity is uncached and resolving fails
	_, err = pool.GetSignee(context.Background(), id)
	require.EqualError(t, err, "trust: no identity")

	// Now make resolving succeed
	identity := &identity.PeerIdentity{
		ID:   id,
		Leaf: &x509.Certificate{},
	}
	resolver.SetIdentity(url.NodeURL(), identity)
	signee, err := pool.GetSignee(context.Background(), id)
	require.NoError(t, err)
	assert.Equal(t, id, signee.ID())

	// Now make resolving fail but ensure we can still get the signee since
	// the identity is cached.
	resolver.SetIdentity(url.NodeURL(), nil)
	signee, err = pool.GetSignee(context.Background(), id)
	require.NoError(t, err)
	assert.Equal(t, id, signee.ID())

	// Now update the address on the entry and assert that the identity is
	// reset in the cache and needs to be refetched (and fails since we've
	// hampered the resolver)
	url.Host = "bar.test"
	source.entries = []trust.Entry{{SatelliteURL: url}}
	require.NoError(t, pool.Refresh(context.Background()))
	_, err = pool.GetSignee(context.Background(), id)
	require.EqualError(t, err, "trust: no identity")
}

func TestPoolGetSatellites(t *testing.T) {
	ctx, pool, source, _ := newPoolTest(t)
	defer ctx.Cleanup()

	id1 := testrand.NodeID()
	id2 := testrand.NodeID()

	// Refresh the pool with the new trust entry
	source.entries = []trust.Entry{
		{
			SatelliteURL: trust.SatelliteURL{
				ID:   id1,
				Host: "foo.test",
				Port: 7777,
			},
		},
		{
			SatelliteURL: trust.SatelliteURL{
				ID:   id2,
				Host: "bar.test",
				Port: 7777,
			},
		},
	}
	require.NoError(t, pool.Refresh(context.Background()))

	expected := []storj.NodeID{id1, id2}
	actual := pool.GetSatellites(context.Background())
	assert.ElementsMatch(t, expected, actual)
}

func TestPoolGetAddress(t *testing.T) {
	ctx, pool, source, _ := newPoolTest(t)
	defer ctx.Cleanup()

	id := testrand.NodeID()

	// Assert the ID is not trusted
	nodeurl, err := pool.GetNodeURL(context.Background(), id)
	require.EqualError(t, err, fmt.Sprintf("trust: satellite %q is untrusted", id))
	require.Empty(t, nodeurl)

	// Refresh the pool with the new trust entry
	source.entries = []trust.Entry{
		{
			SatelliteURL: trust.SatelliteURL{
				ID:   id,
				Host: "foo.test",
				Port: 7777,
			},
		},
	}
	require.NoError(t, pool.Refresh(context.Background()))

	// Assert the ID is now trusted and the correct address is returned
	nodeurl, err = pool.GetNodeURL(context.Background(), id)
	require.NoError(t, err)
	require.Equal(t, id, nodeurl.ID)
	require.Equal(t, "foo.test:7777", nodeurl.Address)

	// Refresh the pool with an updated trust entry with a new address
	source.entries = []trust.Entry{
		{
			SatelliteURL: trust.SatelliteURL{
				ID:   id,
				Host: "bar.test",
				Port: 7777,
			},
		},
	}
	require.NoError(t, pool.Refresh(context.Background()))

	// Assert the ID is now trusted and the correct address is returned
	nodeurl, err = pool.GetNodeURL(context.Background(), id)
	require.NoError(t, err)
	require.Equal(t, id, nodeurl.ID)
	require.Equal(t, "bar.test:7777", nodeurl.Address)
}

func newPoolTest(t *testing.T) (*testcontext.Context, *trust.Pool, *fakeSource, *fakeIdentityResolver) {
	ctx := testcontext.New(t)

	source := &fakeSource{}

	resolver := newFakeIdentityResolver()

	log := zaptest.NewLogger(t)
	pool, err := trust.NewPool(log, resolver, trust.Config{
		Sources:   []trust.Source{source},
		CachePath: ctx.File("trust-cache.json"),
	}, nil)
	if err != nil {
		ctx.Cleanup()
		require.NoError(t, err)
	}

	return ctx, pool, source, resolver
}

type fakeIdentityResolver struct {
	mu         sync.Mutex
	identities map[storj.NodeURL]*identity.PeerIdentity
}

func newFakeIdentityResolver() *fakeIdentityResolver {
	return &fakeIdentityResolver{
		identities: make(map[storj.NodeURL]*identity.PeerIdentity),
	}
}

func (resolver *fakeIdentityResolver) SetIdentity(url storj.NodeURL, identity *identity.PeerIdentity) {
	resolver.mu.Lock()
	defer resolver.mu.Unlock()
	resolver.identities[url] = identity
}

func (resolver *fakeIdentityResolver) ResolveIdentity(ctx context.Context, url storj.NodeURL) (*identity.PeerIdentity, error) {
	resolver.mu.Lock()
	defer resolver.mu.Unlock()

	identity := resolver.identities[url]
	if identity == nil {
		return nil, errors.New("no identity")
	}
	return identity, nil
}
Don't cancel fetching peer identity context when request is cancelled (#1699) * don't cancel fetching peer identity context when request is cancelled * fix typo * add tests * fix typo 2019-04-08 21:31:20 +01:00			`// Copyright (C) 2019 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

			`package trust_test`

			`import (`
			`"context"`
storagenode/trust: wire up list into pool - also updated ping chore to pick up trust changes - fixed small typo in blueprint - fixed flags for storj-sim - wired up changes to testplanet Change-Id: I02982f3a63a1b4150b82a009ee126b25ed51917d 2019-11-16 00:59:32 +00:00			`"crypto/x509"`
don't cache failed satellite certificate fetch attempt (#1745) * don't cache failing error * fix test * fix linter errors 2019-04-12 15:28:27 +01:00			`"errors"`
storagenode/trust: wire up list into pool - also updated ping chore to pick up trust changes - fixed small typo in blueprint - fixed flags for storj-sim - wired up changes to testplanet Change-Id: I02982f3a63a1b4150b82a009ee126b25ed51917d 2019-11-16 00:59:32 +00:00			`"fmt"`
			`"sync"`
Don't cancel fetching peer identity context when request is cancelled (#1699) * don't cancel fetching peer identity context when request is cancelled * fix typo * add tests * fix typo 2019-04-08 21:31:20 +01:00			`"testing"`

			`"github.com/stretchr/testify/assert"`
don't cache failed satellite certificate fetch attempt (#1745) * don't cache failing error * fix test * fix linter errors 2019-04-12 15:28:27 +01:00			`"github.com/stretchr/testify/require"`
storagenode/trust: wire up list into pool - also updated ping chore to pick up trust changes - fixed small typo in blueprint - fixed flags for storj-sim - wired up changes to testplanet Change-Id: I02982f3a63a1b4150b82a009ee126b25ed51917d 2019-11-16 00:59:32 +00:00			`"go.uber.org/zap/zaptest"`
don't cache failed satellite certificate fetch attempt (#1745) * don't cache failing error * fix test * fix linter errors 2019-04-12 15:28:27 +01:00
common: separate repository Change-Id: Ibb89c42060450e3839481a7e495bbe3ad940610a 2019-12-27 11:48:47 +00:00			`"storj.io/common/identity"`
			`"storj.io/common/storj"`
			`"storj.io/common/testcontext"`
			`"storj.io/common/testrand"`
storagenode/trust: wire up list into pool - also updated ping chore to pick up trust changes - fixed small typo in blueprint - fixed flags for storj-sim - wired up changes to testplanet Change-Id: I02982f3a63a1b4150b82a009ee126b25ed51917d 2019-11-16 00:59:32 +00:00			`"storj.io/storj/storagenode/trust"`
Don't cancel fetching peer identity context when request is cancelled (#1699) * don't cancel fetching peer identity context when request is cancelled * fix typo * add tests * fix typo 2019-04-08 21:31:20 +01:00			`)`

storagenode/trust: wire up list into pool - also updated ping chore to pick up trust changes - fixed small typo in blueprint - fixed flags for storj-sim - wired up changes to testplanet Change-Id: I02982f3a63a1b4150b82a009ee126b25ed51917d 2019-11-16 00:59:32 +00:00			`func TestPoolRequiresCachePath(t *testing.T) {`
			`log := zaptest.NewLogger(t)`
storagenode/satellites: address added, caching satellite's addresses from trust Change-Id: Ica3eea5b8d81b176c6a4385fea803730b08ece16 2021-07-08 10:14:15 +01:00			`_, err := trust.NewPool(log, newFakeIdentityResolver(), trust.Config{}, nil)`
storagenode/trust: wire up list into pool - also updated ping chore to pick up trust changes - fixed small typo in blueprint - fixed flags for storj-sim - wired up changes to testplanet Change-Id: I02982f3a63a1b4150b82a009ee126b25ed51917d 2019-11-16 00:59:32 +00:00			`require.EqualError(t, err, "trust: cache path cannot be empty")`
			`}`

			`func TestPoolVerifySatelliteID(t *testing.T) {`
			`ctx, pool, source, _ := newPoolTest(t)`
			`defer ctx.Cleanup()`

			`id := testrand.NodeID()`

			`// Assert the ID is not trusted`
			`err := pool.VerifySatelliteID(context.Background(), id)`
			`require.EqualError(t, err, fmt.Sprintf("trust: satellite %q is untrusted", id))`

			`// Refresh the pool with the new trust entry`
			`source.entries = []trust.Entry{`
			`{`
			`SatelliteURL: trust.SatelliteURL{`
			`ID: id,`
			`Host: "foo.test",`
			`Port: 7777,`
			`},`
			`},`
			`}`
			`require.NoError(t, pool.Refresh(context.Background()))`

			`// Assert the ID is now trusted`
			`err = pool.VerifySatelliteID(context.Background(), id)`
			`require.NoError(t, err)`

			`// Refresh the pool after removing the trusted satellite`
			`source.entries = nil`
			`require.NoError(t, pool.Refresh(context.Background()))`

			`// Assert the ID is no longer trusted`
			`err = pool.VerifySatelliteID(context.Background(), id)`
			`require.EqualError(t, err, fmt.Sprintf("trust: satellite %q is untrusted", id))`
			`}`

			`func TestPoolGetSignee(t *testing.T) {`
			`id := testrand.NodeID()`
			`url := trust.SatelliteURL{`
			`ID: id,`
			`Host: "foo.test",`
			`Port: 7777,`
			`}`

			`ctx, pool, source, resolver := newPoolTest(t)`
			`defer ctx.Cleanup()`

			`// ID is untrusted`
			`_, err := pool.GetSignee(context.Background(), id)`
			`require.EqualError(t, err, fmt.Sprintf("trust: satellite %q is untrusted", id))`

			`// Refresh the pool with the new trust entry`
			`source.entries = []trust.Entry{{SatelliteURL: url}}`
			`require.NoError(t, pool.Refresh(context.Background()))`

			`// Identity is uncached and resolving fails`
			`_, err = pool.GetSignee(context.Background(), id)`
			`require.EqualError(t, err, "trust: no identity")`

			`// Now make resolving succeed`
			`identity := &identity.PeerIdentity{`
			`ID: id,`
			`Leaf: &x509.Certificate{},`
			`}`
			`resolver.SetIdentity(url.NodeURL(), identity)`
			`signee, err := pool.GetSignee(context.Background(), id)`
			`require.NoError(t, err)`
			`assert.Equal(t, id, signee.ID())`

			`// Now make resolving fail but ensure we can still get the signee since`
			`// the identity is cached.`
			`resolver.SetIdentity(url.NodeURL(), nil)`
			`signee, err = pool.GetSignee(context.Background(), id)`
			`require.NoError(t, err)`
			`assert.Equal(t, id, signee.ID())`

			`// Now update the address on the entry and assert that the identity is`
			`// reset in the cache and needs to be refetched (and fails since we've`
			`// hampered the resolver)`
			`url.Host = "bar.test"`
			`source.entries = []trust.Entry{{SatelliteURL: url}}`
			`require.NoError(t, pool.Refresh(context.Background()))`
			`_, err = pool.GetSignee(context.Background(), id)`
			`require.EqualError(t, err, "trust: no identity")`
			`}`

			`func TestPoolGetSatellites(t *testing.T) {`
			`ctx, pool, source, _ := newPoolTest(t)`
			`defer ctx.Cleanup()`

			`id1 := testrand.NodeID()`
			`id2 := testrand.NodeID()`

			`// Refresh the pool with the new trust entry`
			`source.entries = []trust.Entry{`
			`{`
			`SatelliteURL: trust.SatelliteURL{`
			`ID: id1,`
			`Host: "foo.test",`
			`Port: 7777,`
			`},`
			`},`
			`{`
			`SatelliteURL: trust.SatelliteURL{`
			`ID: id2,`
			`Host: "bar.test",`
			`Port: 7777,`
			`},`
			`},`
			`}`
			`require.NoError(t, pool.Refresh(context.Background()))`

			`expected := []storj.NodeID{id1, id2}`
			`actual := pool.GetSatellites(context.Background())`
			`assert.ElementsMatch(t, expected, actual)`
Don't cancel fetching peer identity context when request is cancelled (#1699) * don't cancel fetching peer identity context when request is cancelled * fix typo * add tests * fix typo 2019-04-08 21:31:20 +01:00			`}`
implement storj.NodeURL in trusted satellites (#2388) * implement storj.NodeURL in trusted satellites 2019-07-03 18:29:18 +01:00
storagenode/trust: wire up list into pool - also updated ping chore to pick up trust changes - fixed small typo in blueprint - fixed flags for storj-sim - wired up changes to testplanet Change-Id: I02982f3a63a1b4150b82a009ee126b25ed51917d 2019-11-16 00:59:32 +00:00			`func TestPoolGetAddress(t *testing.T) {`
			`ctx, pool, source, _ := newPoolTest(t)`
			`defer ctx.Cleanup()`

			`id := testrand.NodeID()`

			`// Assert the ID is not trusted`
storagenode/trust: refactor GetAddress to GetNodeURL Most places now need the NodeURL rather than the ID and Address separately. This simplifies code in multiple places. Change-Id: I52621d8ca52296a8b5bf7afbc1001cf8bfb44239 2020-05-19 17:11:30 +01:00			`nodeurl, err := pool.GetNodeURL(context.Background(), id)`
storagenode/trust: wire up list into pool - also updated ping chore to pick up trust changes - fixed small typo in blueprint - fixed flags for storj-sim - wired up changes to testplanet Change-Id: I02982f3a63a1b4150b82a009ee126b25ed51917d 2019-11-16 00:59:32 +00:00			`require.EqualError(t, err, fmt.Sprintf("trust: satellite %q is untrusted", id))`
storagenode/trust: refactor GetAddress to GetNodeURL Most places now need the NodeURL rather than the ID and Address separately. This simplifies code in multiple places. Change-Id: I52621d8ca52296a8b5bf7afbc1001cf8bfb44239 2020-05-19 17:11:30 +01:00			`require.Empty(t, nodeurl)`
storagenode/trust: wire up list into pool - also updated ping chore to pick up trust changes - fixed small typo in blueprint - fixed flags for storj-sim - wired up changes to testplanet Change-Id: I02982f3a63a1b4150b82a009ee126b25ed51917d 2019-11-16 00:59:32 +00:00
			`// Refresh the pool with the new trust entry`
			`source.entries = []trust.Entry{`
			`{`
			`SatelliteURL: trust.SatelliteURL{`
			`ID: id,`
			`Host: "foo.test",`
			`Port: 7777,`
			`},`
			`},`
			`}`
			`require.NoError(t, pool.Refresh(context.Background()))`

			`// Assert the ID is now trusted and the correct address is returned`
storagenode/trust: refactor GetAddress to GetNodeURL Most places now need the NodeURL rather than the ID and Address separately. This simplifies code in multiple places. Change-Id: I52621d8ca52296a8b5bf7afbc1001cf8bfb44239 2020-05-19 17:11:30 +01:00			`nodeurl, err = pool.GetNodeURL(context.Background(), id)`
storagenode/trust: wire up list into pool - also updated ping chore to pick up trust changes - fixed small typo in blueprint - fixed flags for storj-sim - wired up changes to testplanet Change-Id: I02982f3a63a1b4150b82a009ee126b25ed51917d 2019-11-16 00:59:32 +00:00			`require.NoError(t, err)`
storagenode/trust: refactor GetAddress to GetNodeURL Most places now need the NodeURL rather than the ID and Address separately. This simplifies code in multiple places. Change-Id: I52621d8ca52296a8b5bf7afbc1001cf8bfb44239 2020-05-19 17:11:30 +01:00			`require.Equal(t, id, nodeurl.ID)`
			`require.Equal(t, "foo.test:7777", nodeurl.Address)`
storagenode/trust: wire up list into pool - also updated ping chore to pick up trust changes - fixed small typo in blueprint - fixed flags for storj-sim - wired up changes to testplanet Change-Id: I02982f3a63a1b4150b82a009ee126b25ed51917d 2019-11-16 00:59:32 +00:00
			`// Refresh the pool with an updated trust entry with a new address`
			`source.entries = []trust.Entry{`
			`{`
			`SatelliteURL: trust.SatelliteURL{`
			`ID: id,`
			`Host: "bar.test",`
			`Port: 7777,`
			`},`
			`},`
			`}`
			`require.NoError(t, pool.Refresh(context.Background()))`

			`// Assert the ID is now trusted and the correct address is returned`
storagenode/trust: refactor GetAddress to GetNodeURL Most places now need the NodeURL rather than the ID and Address separately. This simplifies code in multiple places. Change-Id: I52621d8ca52296a8b5bf7afbc1001cf8bfb44239 2020-05-19 17:11:30 +01:00			`nodeurl, err = pool.GetNodeURL(context.Background(), id)`
storagenode/trust: wire up list into pool - also updated ping chore to pick up trust changes - fixed small typo in blueprint - fixed flags for storj-sim - wired up changes to testplanet Change-Id: I02982f3a63a1b4150b82a009ee126b25ed51917d 2019-11-16 00:59:32 +00:00			`require.NoError(t, err)`
storagenode/trust: refactor GetAddress to GetNodeURL Most places now need the NodeURL rather than the ID and Address separately. This simplifies code in multiple places. Change-Id: I52621d8ca52296a8b5bf7afbc1001cf8bfb44239 2020-05-19 17:11:30 +01:00			`require.Equal(t, id, nodeurl.ID)`
			`require.Equal(t, "bar.test:7777", nodeurl.Address)`
storagenode/trust: wire up list into pool - also updated ping chore to pick up trust changes - fixed small typo in blueprint - fixed flags for storj-sim - wired up changes to testplanet Change-Id: I02982f3a63a1b4150b82a009ee126b25ed51917d 2019-11-16 00:59:32 +00:00			`}`

			`func newPoolTest(t testing.T) (testcontext.Context, trust.Pool, fakeSource, *fakeIdentityResolver) {`
			`ctx := testcontext.New(t)`

			`source := &fakeSource{}`

			`resolver := newFakeIdentityResolver()`

			`log := zaptest.NewLogger(t)`
			`pool, err := trust.NewPool(log, resolver, trust.Config{`
			`Sources: []trust.Source{source},`
			`CachePath: ctx.File("trust-cache.json"),`
storagenode/satellites: address added, caching satellite's addresses from trust Change-Id: Ica3eea5b8d81b176c6a4385fea803730b08ece16 2021-07-08 10:14:15 +01:00			`}, nil)`
storagenode/trust: wire up list into pool - also updated ping chore to pick up trust changes - fixed small typo in blueprint - fixed flags for storj-sim - wired up changes to testplanet Change-Id: I02982f3a63a1b4150b82a009ee126b25ed51917d 2019-11-16 00:59:32 +00:00			`if err != nil {`
			`ctx.Cleanup()`
			`require.NoError(t, err)`
			`}`

			`return ctx, pool, source, resolver`
			`}`

			`type fakeIdentityResolver struct {`
			`mu sync.Mutex`
			`identities map[storj.NodeURL]*identity.PeerIdentity`
			`}`

			`func newFakeIdentityResolver() *fakeIdentityResolver {`
			`return &fakeIdentityResolver{`
			`identities: make(map[storj.NodeURL]*identity.PeerIdentity),`
			`}`
			`}`

			`func (resolver fakeIdentityResolver) SetIdentity(url storj.NodeURL, identity identity.PeerIdentity) {`
			`resolver.mu.Lock()`
			`defer resolver.mu.Unlock()`
			`resolver.identities[url] = identity`
			`}`

			`func (resolver fakeIdentityResolver) ResolveIdentity(ctx context.Context, url storj.NodeURL) (identity.PeerIdentity, error) {`
			`resolver.mu.Lock()`
			`defer resolver.mu.Unlock()`

			`identity := resolver.identities[url]`
			`if identity == nil {`
			`return nil, errors.New("no identity")`
			`}`
			`return identity, nil`
implement storj.NodeURL in trusted satellites (#2388) * implement storj.NodeURL in trusted satellites 2019-07-03 18:29:18 +01:00			`}`