def test_extensions_registered(patches, all_ext, metadata):
checker = extensions_check.ExtensionsChecker()
patched = patches(
("ExtensionsChecker.metadata", dict(new_callable=PropertyMock)),
("ExtensionsChecker.all_extensions", dict(new_callable=PropertyMock)),
"ExtensionsChecker.error",
prefix="tools.extensions.extensions_check")
with patched as (m_meta, m_all, m_error):
m_meta.return_value = {k: k for k in metadata}
m_all.return_value = set(all_ext)
checker.check_registered()
if set(all_ext) == set(metadata):
assert not m_error.called
return
only_metadata = set(metadata) - set(all_ext)
missing_metadata = set(all_ext) - set(metadata)
errors = []
for ext in only_metadata:
errors.append(f"Metadata for unused extension found: {ext}")
for ext in missing_metadata:
errors.append(f"Metadata missing for extension: {ext}")
assert (list(list(c)
for c in m_error.call_args_list) == [[('registered', [error]),
{}]
for error in errors])
def test_extensions_robust_to_downstream_count():
checker = extensions_check.ExtensionsChecker()
metadata_mock = patch(
"tools.extensions.extensions_check.ExtensionsChecker.metadata",
new_callable=PropertyMock)
metadata = dict(
foo0=dict(security_posture="robust_to_untrusted_downstream"),
bar0=dict(security_posture="robust_to_untrusted_downstream"),
baz0=dict(security_posture="robust_to_untrusted_downstream"),
foo1=dict(security_posture="NOT_robust_to_untrusted_downstream"),
bar1=dict(security_posture="NOT_robust_to_untrusted_downstream"),
baz1=dict(security_posture="NOT_robust_to_untrusted_downstream"),
foo0network=dict(security_posture="robust_to_untrusted_downstream"),
bar0network=dict(security_posture="robust_to_untrusted_downstream"),
baz0network=dict(security_posture="robust_to_untrusted_downstream"),
foo1network=dict(
security_posture="NOT_robust_to_untrusted_downstream"),
bar1network=dict(
security_posture="NOT_robust_to_untrusted_downstream"),
baz1network=dict(
security_posture="NOT_robust_to_untrusted_downstream"))
with metadata_mock as m_meta:
m_meta.return_value = metadata
assert checker.robust_to_downstream_count == 3
assert "robust_to_downstream_count" not in checker.__dict__
def test_extensions__check_metadata_status(status):
checker = extensions_check.ExtensionsChecker()
metadata_mock = patch(
"tools.extensions.extensions_check.ExtensionsChecker.metadata",
new_callable=PropertyMock)
checker.extension_status_values = ["A", "B", "C"]
with metadata_mock as m_meta:
m_meta.return_value.__getitem__.return_value.__getitem__.return_value = status
_result = checker._check_metadata_status("EXTENSION")
assert isinstance(_result, types.GeneratorType)
result = list(_result)
assert (list(m_meta.return_value.__getitem__.call_args) == [
('EXTENSION', ), {}
])
assert (list(
m_meta.return_value.__getitem__.return_value.__getitem__.call_args) ==
[('status', ), {}])
if status not in checker.extension_status_values:
assert result == [f'Unknown status for EXTENSION: {status}']
else:
assert result == []
def test_extensions_fuzzed_count(patches):
checker = extensions_check.ExtensionsChecker()
patched = patches("re",
"pathlib",
prefix="tools.extensions.extensions_check")
with patched as (m_re, m_path):
data = m_path.Path.return_value.read_text.return_value
data.splitlines.return_value.__getitem__.return_value = [
"FOO", "BAR", "BAZ"
]
m_re.findall.return_value = "X" * 23
assert checker.fuzzed_count == 23
assert (list(m_path.Path.call_args) == [
(extensions_check.FUZZ_TEST_PATH, ), {}
])
assert (list(m_path.Path.return_value.read_text.call_args) == [(), {}])
assert (list(data.splitlines.call_args) == [(), {}])
assert (list(data.splitlines.return_value.__getitem__.call_args) == [
(slice(None, 50, None), ), {}
])
assert (list(m_re.findall.call_args) == [
(extensions_check.FILTER_NAMES_PATTERN, 'FOOBARBAZ'), {}
])
assert "fuzzed_count" not in checker.__dict__
def test_extensions__check_metadata_security_posture(sec_posture):
checker = extensions_check.ExtensionsChecker()
metadata_mock = patch(
"tools.extensions.extensions_check.ExtensionsChecker.metadata",
new_callable=PropertyMock)
checker.extension_security_postures = ["A", "B", "C"]
with metadata_mock as m_meta:
m_meta.return_value.__getitem__.return_value.__getitem__.return_value = sec_posture
_result = checker._check_metadata_security_posture("EXTENSION")
assert isinstance(_result, types.GeneratorType)
result = list(_result)
assert (list(m_meta.return_value.__getitem__.call_args) == [
('EXTENSION', ), {}
])
assert (list(
m_meta.return_value.__getitem__.return_value.__getitem__.call_args) ==
[('security_posture', ), {}])
if not sec_posture:
assert (result == [
f"Missing security posture for EXTENSION. "
"Please make sure the target is an envoy_cc_extension and security_posture is set"
])
elif sec_posture not in checker.extension_security_postures:
assert (result == [
f"Unknown security posture for EXTENSION: {sec_posture}"
])
else:
assert result == []
def test_extensions_metadata(patches, is_dict):
checker = extensions_check.ExtensionsChecker()
patched = patches("isinstance",
"utils",
prefix="tools.extensions.extensions_check")
with patched as (m_inst, m_utils):
m_inst.return_value = is_dict
if is_dict:
assert (checker.metadata == m_utils.from_yaml.return_value)
else:
with pytest.raises(
extensions_check.ExtensionsConfigurationError) as e:
checker.metadata
assert (list(m_utils.from_yaml.call_args) == [
(extensions_check.METADATA_PATH, ), {}
])
if not is_dict:
assert (
e.value.args[0] ==
f'Unable to parse configuration: {extensions_check.METADATA_PATH}')
return
assert "metadata" in checker.__dict__
def test_extensions_check_metadata(patches, meta_errors):
checker = extensions_check.ExtensionsChecker()
patched = patches(
("ExtensionsChecker.metadata", dict(new_callable=PropertyMock)),
"ExtensionsChecker._check_metadata",
"ExtensionsChecker.error",
prefix="tools.extensions.extensions_check")
def _check(k):
if meta_errors[k]:
return k
with patched as (m_meta, m_check, m_error):
m_meta.return_value = meta_errors
m_check.side_effect = _check
checker.check_metadata()
assert (list(list(c) for c in m_check.call_args_list) == [[('foo', ), {}],
[('bar', ), {}],
[('baz', ), {}]])
if True in meta_errors.values():
assert (list(list(c)
for c in m_error.call_args_list) == [[('metadata', 'foo'),
{}],
[('metadata', 'baz'),
{}]])
else:
assert not m_error.called
def test_extensions_metadata(patches):
checker = extensions_check.ExtensionsChecker()
patched = patches("utils", prefix="tools.extensions.extensions_check")
with patched as (m_utils, ):
assert (checker.metadata == m_utils.from_yaml.return_value)
assert (list(m_utils.from_yaml.call_args) == [
(extensions_check.METADATA_PATH, ), {}
])
assert "metadata" in checker.__dict__
def test_extensions_checker_all_extensions():
checker = extensions_check.ExtensionsChecker()
exts_mock = patch(
"tools.extensions.extensions_check.ExtensionsChecker.configured_extensions",
new_callable=PropertyMock)
_configured = dict(foo="FOO", bar="BAR")
with exts_mock as m_exts:
m_exts.return_value = _configured
result = checker.all_extensions
assert (result == set(_configured.keys())
| set(extensions_check.BUILTIN_EXTENSIONS))
assert "all_extensions" in checker.__dict__
def test_extensions_metadata(patches):
checker = extensions_check.ExtensionsChecker()
patched = patches("open",
"yaml",
prefix="tools.extensions.extensions_check")
with patched as (m_open, m_yaml):
assert (checker.metadata == m_yaml.safe_load.return_value)
assert (list(m_open.call_args) == [(extensions_check.METADATA_PATH, ), {}])
assert (list(
m_open.return_value.__enter__.return_value.read.call_args) == [(), {}])
assert (list(m_yaml.safe_load.call_args) == [
(m_open.return_value.__enter__.return_value.read.return_value, ), {}
])
assert "metadata" in checker.__dict__
def test_extensions__check_metadata(patches):
checker = extensions_check.ExtensionsChecker()
patched = patches("ExtensionsChecker._check_metadata_categories",
"ExtensionsChecker._check_metadata_security_posture",
"ExtensionsChecker._check_metadata_status",
prefix="tools.extensions.extensions_check")
with patched as (m_cat, m_sec, m_status):
m_cat.return_value = ["CAT"]
m_sec.return_value = ["SEC"]
m_status.return_value = ["STATUS"]
assert (checker._check_metadata("EXTENSION") == [
'CAT', 'SEC', 'STATUS'
])
for _patch in (m_cat, m_sec, m_status):
assert (list(_patch.call_args) == [('EXTENSION', ), {}])
def test_extensions_checker_configured_extensions(patches, is_module,
is_loader):
checker = extensions_check.ExtensionsChecker()
patched = patches("isinstance",
"spec_from_loader",
"SourceFileLoader",
"module_from_spec",
prefix="tools.extensions.extensions_check")
def _is_instance(obj, types):
if types == ModuleSpec:
return is_module
return is_loader
with patched as (m_inst, m_spec, m_loader, m_module):
m_inst.side_effect = _is_instance
if is_module and is_loader:
assert (checker.configured_extensions ==
m_module.return_value.EXTENSIONS)
else:
with pytest.raises(
extensions_check.ExtensionsConfigurationError) as e:
checker.configured_extensions
assert (list(m_spec.call_args) == [('extensions_build_config',
m_loader.return_value), {}])
assert (list(m_loader.call_args) == [('extensions_build_config',
extensions_check.BUILD_CONFIG_PATH),
{}])
if not is_module:
assert not m_module.called
assert not m_spec.return_value.loader.exec_module.called
return
assert (list(m_module.call_args) == [(m_spec.return_value, ), {}])
if not is_loader:
assert not m_spec.return_value.loader.exec_module.called
return
assert (list(m_spec.return_value.loader.exec_module.call_args) == [
(m_module.return_value, ), {}
])
assert "configured_extensions" in checker.__dict__
def test_extensions_checker_all_extensions(patches):
checker = extensions_check.ExtensionsChecker()
patched = patches(("ExtensionsChecker.configured_extensions",
dict(new_callable=PropertyMock)),
("ExtensionsChecker.configured_contrib_extensions",
dict(new_callable=PropertyMock)),
prefix="tools.extensions.extensions_check")
configured_exts = {f"EXT{i}": f"EXT_DATA{i}" for i in range(0, 5)}
contrib_exts = {f"CONTRIB_EXT{i}": f"EXT_DATA{i}" for i in range(0, 3)}
with patched as (m_exts, m_contrib):
m_exts.return_value = configured_exts
m_contrib.return_value = contrib_exts
result = checker.all_extensions
assert (result == (set(configured_exts.keys())
| set(extensions_check.BUILTIN_EXTENSIONS)
| set(contrib_exts.keys())))
assert "all_extensions" in checker.__dict__
def test_extensions_checker_configured_extensions(patches, exts):
checker = extensions_check.ExtensionsChecker()
patched = patches(
"json",
"pathlib", ("ExtensionsChecker.args", dict(new_callable=PropertyMock)),
prefix="tools.extensions.extensions_check")
attr = ("configured_%s_extensions" %
exts if exts else "configured_extensions")
config = ("%s_build_config" % exts if exts else "build_config")
with patched as (m_json, m_plib, m_args):
assert (getattr(checker, attr) == m_json.loads.return_value)
assert (m_json.loads.call_args == [
(m_plib.Path.return_value.read_text.return_value, ), {}
])
assert (m_plib.Path.call_args == [(getattr(m_args.return_value, config), ),
{}])
assert (m_plib.Path.return_value.read_text.call_args == [(), {}])
assert attr in checker.__dict__
def test_extensions_checker_configured_extensions(patches):
checker = extensions_check.ExtensionsChecker()
patched = patches("spec_from_loader",
"SourceFileLoader",
"module_from_spec",
prefix="tools.extensions.extensions_check")
with patched as (m_spec, m_loader, m_module):
assert (
checker.configured_extensions == m_module.return_value.EXTENSIONS)
assert (list(m_spec.call_args) == [('extensions_build_config',
m_loader.return_value), {}])
assert (list(m_loader.call_args) == [('extensions_build_config',
extensions_check.BUILD_CONFIG_PATH),
{}])
assert (list(m_module.call_args) == [(m_spec.return_value, ), {}])
assert (list(m_spec.return_value.loader.exec_module.call_args) == [
(m_module.return_value, ), {}
])
assert "configured_extensions" in checker.__dict__
def test_extensions__check_metadata_categories(ext_cats, all_cats):
checker = extensions_check.ExtensionsChecker()
metadata_mock = patch(
"tools.extensions.extensions_check.ExtensionsChecker.metadata",
new_callable=PropertyMock)
checker.extension_categories = all_cats
with metadata_mock as m_meta:
m_meta.return_value.__getitem__.return_value.get.return_value = ext_cats
_result = checker._check_metadata_categories("EXTENSION")
assert isinstance(_result, types.GeneratorType)
result = list(_result)
assert (list(m_meta.return_value.__getitem__.call_args) == [
('EXTENSION', ), {}
])
assert (list(
m_meta.return_value.__getitem__.return_value.get.call_args) == [
('categories', ()), {}
])
if not ext_cats:
assert (result == [
'Missing extension category for EXTENSION. '
'Please make sure the target is an envoy_cc_extension and category is set'
])
return
wrong_cats = [cat for cat in ext_cats if cat not in all_cats]
if wrong_cats:
assert (result == [
f'Unknown extension category for EXTENSION: {cat}. '
'Please add it to tools/extensions/extensions_check.py'
for cat in wrong_cats
])
return
assert result == []
def test_extensions_check_fuzzed(patches, robust):
checker = extensions_check.ExtensionsChecker()
patched = patches(
("ExtensionsChecker.robust_to_downstream_count",
dict(new_callable=PropertyMock)),
("ExtensionsChecker.fuzzed_count", dict(new_callable=PropertyMock)),
"ExtensionsChecker.error",
prefix="tools.extensions.extensions_check")
with patched as (m_robust, m_fuzzed, m_error):
m_fuzzed.return_value = "FUZZED_COUNT"
m_robust.return_value = robust
checker.check_fuzzed()
ERR_MESSAGE = (
"Check that all network filters robust against untrusted downstreams are fuzzed "
f"by adding them to filterNames() in {extensions_check.FUZZ_TEST_PATH}"
)
if robust != "FUZZED_COUNT":
assert (list(m_error.call_args) == [('fuzzed', [ERR_MESSAGE]), {}])
else:
assert not m_error.called
def test_extensions_checker_constructor():
checker = extensions_check.ExtensionsChecker()
assert checker.checks == ("registered", "fuzzed", "metadata")
assert checker.extension_categories == extensions_check.EXTENSION_CATEGORIES
