From d16d59a8b33ae52d0554353c2e54654c48d3e72a Mon Sep 17 00:00:00 2001
From: Philippe Boneff
Date: Thu, 8 Aug 2024 12:19:12 +0000
Subject: [PATCH] raise an error if the createStorage function doesn't exist or fails
---
 personalities/sctfe/instance.go | 5 ++-
 personalities/sctfe/instance_test.go | 51 +++++++++++++++++++++++-----
 2 files changed, 46 insertions(+), 10 deletions(-)
diff --git a/personalities/sctfe/instance.go b/personalities/sctfe/instance.go
index 0988051c..376312db 100644
--- a/personalities/sctfe/instance.go
+++ b/personalities/sctfe/instance.go
@@ -154,9 +154,12 @@ func setUpLogInfo(ctx context.Context, opts InstanceOptions) (*logInfo, error) {
 timeSource := new(SystemTimeSource)
 ctSigner := NewCTSigner(signer, vCfg.Config.Origin, logID, timeSource)
+ if opts.CreateStorage == nil {
+ return nil, fmt.Errorf("failed to initiate storage backend: nil createStorage")
+ }
 storage, err := opts.CreateStorage(ctx, opts.Validated, ctSigner)
 if err != nil {
- return nil, fmt.Errorf("failed to create storage backend: %v", err)
+ return nil, fmt.Errorf("failed to initiate storage backend: %v", err)
 }
 logInfo := newLogInfo(opts, validationOpts, signer, timeSource, storage)
diff --git a/personalities/sctfe/instance_test.go b/personalities/sctfe/instance_test.go
index 2b7e7580..88f9bed0 100644
--- a/personalities/sctfe/instance_test.go
+++ b/personalities/sctfe/instance_test.go
@@ -51,9 +51,10 @@ func TestSetUpInstance(t *testing.T) {
 wrongPassPrivKey := mustMarshalAny(&keyspb.PEMKeyFile{Path: "./testdata/ct-http-server.privkey.pem", Password: "dirkly"})
 var tests = []struct {
- desc string
- cfg *configpb.LogConfig
- wantErr string
+ desc string
+ cfg *configpb.LogConfig
+ ctStorage func(context.Context, *ValidatedLogConfig, note.Signer) (*CTStorage, error)
+ wantErr string
 }{
 {
 desc: "valid",
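Review bot: In personalities/sctfe/instance.go, the changed `return nil, fmt.Errorf("failed to initiate storage backend: %v", err)` in setUpLogInfo formats the storage error with `%v`, which flattens it to text, so callers cannot use errors.Is or errors.As to tell one backend failure from another; `%w` keeps the chain: `return nil, fmt.Errorf("failed to initiate storage backend: %w", err)`. The new nil guard sits after `NewCTSigner(...)`, so a signer has already been constructed for an instance that can never start. Nothing computed in between is needed to test opts.CreateStorage, so the guard could move to the top of setUpLogInfo, which begins outside this hunk. The guard's message says `createStorage` while the field is `opts.CreateStorage`; spelling the exported name would make the error easier to act on.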
@@ -63,6 +64,7 @@ func TestSetUpInstance(t *testing.T) {
 PrivateKey: privKey,
 StorageConfig: &configpb.LogConfig_Gcp{Gcp: &configpb.GCPConfig{Bucket: "bucket", SpannerDbPath: "spanner"}},
 },
+ ctStorage: fakeCTStorage,
 },
 {
 desc: "no-roots",
@@ -71,7 +73,8 @@ func TestSetUpInstance(t *testing.T) {
 PrivateKey: privKey,
 StorageConfig: &configpb.LogConfig_Gcp{Gcp: &configpb.GCPConfig{Bucket: "bucket", SpannerDbPath: "spanner"}},
 },
- wantErr: "specify RootsPemFile",
+ ctStorage: fakeCTStorage,
+ wantErr: "specify RootsPemFile",
 },
 {
 desc: "missing-root-cert",
@@ -81,7 +84,8 @@ func TestSetUpInstance(t *testing.T) {
 PrivateKey: privKey,
 StorageConfig: &configpb.LogConfig_Gcp{Gcp: &configpb.GCPConfig{Bucket: "bucket", SpannerDbPath: "spanner"}},
 },
- wantErr: "failed to read trusted roots",
+ ctStorage: fakeCTStorage,
+ wantErr: "failed to read trusted roots",
 },
 {
 desc: "missing-privkey",
@@ -91,7 +95,8 @@ func TestSetUpInstance(t *testing.T) {
 PrivateKey: missingPrivKey,
 StorageConfig: &configpb.LogConfig_Gcp{Gcp: &configpb.GCPConfig{Bucket: "bucket", SpannerDbPath: "spanner"}},
 },
- wantErr: "failed to load private key",
+ ctStorage: fakeCTStorage,
+ wantErr: "failed to load private key",
 },
 {
 desc: "privkey-wrong-password",
@@ -101,7 +106,8 @@ func TestSetUpInstance(t *testing.T) {
 PrivateKey: wrongPassPrivKey,
 StorageConfig: &configpb.LogConfig_Gcp{Gcp: &configpb.GCPConfig{Bucket: "bucket", SpannerDbPath: "spanner"}},
 },
- wantErr: "failed to load private key",
+ ctStorage: fakeCTStorage,
+ wantErr: "failed to load private key",
 },
 {
 desc: "valid-ekus-1",
@@ -112,6 +118,7 @@ func TestSetUpInstance(t *testing.T) {
 ExtKeyUsages: []string{"Any"},
 StorageConfig: &configpb.LogConfig_Gcp{Gcp: &configpb.GCPConfig{Bucket: "bucket", SpannerDbPath: "spanner"}},
 },
+ ctStorage: fakeCTStorage,
 },
 {
 desc: "valid-ekus-2",
@@ -122,6 +129,7 @@ func TestSetUpInstance(t *testing.T) {
 ExtKeyUsages: []string{"Any", "ServerAuth", "TimeStamping"},
 StorageConfig: &configpb.LogConfig_Gcp{Gcp: &configpb.GCPConfig{Bucket: "bucket", SpannerDbPath: "spanner"}},
 },
+ ctStorage: fakeCTStorage,
 },
 {
 desc: "valid-reject-ext",
@@ -132,6 +140,7 @@ func TestSetUpInstance(t *testing.T) {
 RejectExtensions: []string{"1.2.3.4", "5.6.7.8"},
 StorageConfig: &configpb.LogConfig_Gcp{Gcp: &configpb.GCPConfig{Bucket: "bucket", SpannerDbPath: "spanner"}},
 },
+ ctStorage: fakeCTStorage,
 },
 {
 desc: "invalid-reject-ext",
@@ -142,7 +151,31 @@ func TestSetUpInstance(t *testing.T) {
 RejectExtensions: []string{"1.2.3.4", "one.banana.two.bananas"},
 StorageConfig: &configpb.LogConfig_Gcp{Gcp: &configpb.GCPConfig{Bucket: "bucket", SpannerDbPath: "spanner"}},
 },
- wantErr: "one",
+ ctStorage: fakeCTStorage,
+ wantErr: "one",
+ },
+ {
+ desc: "missing-create-storage",
+ cfg: &configpb.LogConfig{
+ Origin: "log",
+ RootsPemFile: []string{"./testdata/fake-ca.cert"},
+ PrivateKey: privKey,
+ StorageConfig: &configpb.LogConfig_Gcp{Gcp: &configpb.GCPConfig{Bucket: "bucket", SpannerDbPath: "spanner"}},
+ },
+ wantErr: "failed to initiate storage backend",
+ },
+ {
+ desc: "failing-create-storage",
+ cfg: &configpb.LogConfig{
+ Origin: "log",
+ RootsPemFile: []string{"./testdata/fake-ca.cert"},
+ PrivateKey: privKey,
+ StorageConfig: &configpb.LogConfig_Gcp{Gcp: &configpb.GCPConfig{Bucket: "bucket", SpannerDbPath: "spanner"}},
+ },
+ ctStorage: func(_ context.Context, _ *ValidatedLogConfig, _ note.Signer) (*CTStorage, error) {
+ return nil, fmt.Errorf("I failed")
+ },
+ wantErr: "failed to initiate storage backend",
 },
 }
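Review bot: The two cases added in the last hunk of this run, "missing-create-storage" and "failing-create-storage", both expect `wantErr: "failed to initiate storage backend"`, so the test cannot tell the nil guard from the failing-call path and never checks that the backend's own error reaches the caller. Assuming wantErr is matched as a substring (the comparison is outside these hunks), `wantErr: "nil createStorage"` for the first case and `wantErr: "I failed"` for the second would pin each path separately. The stub's `fmt.Errorf("I failed")` has no format verbs; `errors.New("I failed")` is the usual form, provided `errors` is imported in the test file.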
@@ -152,7 +185,7 @@ func TestSetUpInstance(t *testing.T) {
 if err != nil {
 t.Fatalf("ValidateLogConfig(): %v", err)
 }
- opts := InstanceOptions{Validated: vCfg, Deadline: time.Second, MetricFactory: monitoring.InertMetricFactory{}, CreateStorage: fakeCTStorage}
+ opts := InstanceOptions{Validated: vCfg, Deadline: time.Second, MetricFactory: monitoring.InertMetricFactory{}, CreateStorage: test.ctStorage}
 if _, err := SetUpInstance(ctx, opts); err != nil {
 if test.wantErr == "" {