github_mirrors/openappsec
3
0
Fork 1
mirror of https://github.com/openappsec/openappsec.git synced 2025-09-29 11:16:30 +03:00
Code Issues Packages Projects Releases Wiki Activity

Aug_23_2023-Dev

Browse Source
This commit is contained in:
Ned Wright
2023-08-23 14:15:32 +00:00
parent 702c1184ea
commit b25fd8def5
115 changed files with 8292 additions and 1189 deletions
Download Patch File Download Diff File Expand all files Collapse all files

186
components/security_apps/orchestration/service_controller/service_controller.cc
View File

@@ -269,13 +269,13 @@ class ServiceController::Impl
public:
void init();
bool
Maybe<void>
updateServiceConfiguration(
const string &new_policy_path,
const string &new_settings_path,
const vector<string> &new_data_files,
const string &tenant_id,
const string &profile_id,
const string &child_tenant_id,
const string &child_profile_id,
const bool last_iteration
) override;
@@ -291,6 +291,7 @@ public:
void refreshPendingServices() override;
const string & getPolicyVersion() const override;
const string & getUpdatePolicyVersion() const override;
const string & getPolicyVersions() const override;
void updateReconfStatus(int id, ReconfStatus status) override;
void startReconfStatus(
int id,
@@ -308,9 +309,11 @@ public:
private:
void cleanUpVirtualFiles();
bool sendSignalForServices(const set<string> &nano_services_to_update, const string &policy_version);
Maybe<void> sendSignalForServices(
const set<string> &nano_services_to_update,
const string &policy_version_to_update);
bool updateServiceConfigurationFile(
Maybe<void> updateServiceConfigurationFile(
const string &configuration_name,
const string &configuration_file_path,
const string &new_configuration_path);
@@ -326,10 +329,12 @@ private:
void writeRegisteredServicesToFile();
bool backupConfigurationFile(const string &configuration_file_path);
bool createDirectoryForChildTenant(const string &child_tenant_id, const string &child_profile_id) const;
int configuration_id = 0;
map<string, ServiceDetails> registered_services;
map<string, ServiceDetails> pending_services;
string policy_versions;
string policy_version;
string update_policy_version;
string settings_path;
@@ -657,14 +662,45 @@ ServiceController::Impl::backupConfigurationFile(const string &config_file_path)
}
bool
ServiceController::Impl::createDirectoryForChildTenant(
const string &child_tenant_id,
const string &child_profile_id) const
{
if (child_tenant_id == "") return true;
auto orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<ServiceController>();
string dir = getConfigurationWithDefault<string>(
filesystem_prefix + "/conf",
"orchestration",
"Configuration directory"
);
dir = dir + "/tenant_" + child_tenant_id + "_profile_" + child_profile_id;
if (orchestration_tools->doesDirectoryExist(dir)) return true;
if (!orchestration_tools->createDirectory(dir)) {
dbgError(D_ORCHESTRATOR)
<< "Failed to create configuration directory for tenant "
<< child_tenant_id;
return false;
}
dbgTrace(D_ORCHESTRATOR) << "Created new configuration directory for tenant " << child_tenant_id;
return true;
}
Maybe<void>
ServiceController::Impl::updateServiceConfiguration(
const string &new_policy_path,
const string &new_settings_path,
const vector<string> &new_data_files,
const string &tenant_id,
const string &profile_id,
const string &child_tenant_id,
const string &child_profile_id,
const bool last_iteration)
{
string tenant_and_profile_ids = "";
if (!child_tenant_id.empty()) {
tenant_and_profile_ids = " Child tenant id: " + child_tenant_id + ", Child profile id: " + child_profile_id;
}
dbgFlow(D_ORCHESTRATOR)
<< "new_policy_path: "
<< new_policy_path
@@ -672,10 +708,8 @@ ServiceController::Impl::updateServiceConfiguration(
<< new_settings_path
<< ", new_data_files: "
<< makeSeparatedStr(new_data_files, ",")
<< ". tenant_id: "
<< tenant_id
<< ". profile_id: "
<< profile_id;
<< "."
<< tenant_and_profile_ids;
if (!new_settings_path.empty()) {
settings_path = new_settings_path;
@@ -704,8 +738,9 @@ ServiceController::Impl::updateServiceConfiguration(
if (new_policy_path == "") {
dbgDebug(D_ORCHESTRATOR) << "Policy file was not updated. Sending reload command regarding settings and data";
return sendSignalForServices(nano_services_to_update, "");
auto signal_services = sendSignalForServices(nano_services_to_update, "");
if (!signal_services.ok()) return signal_services.passErr();
return Maybe<void>();
}
Maybe<string> loaded_policy_json = orchestration_tools->readFile(new_policy_path);
@@ -716,14 +751,13 @@ ServiceController::Impl::updateServiceConfiguration(
<< ". Error: "
<< loaded_policy_json.getErr();
return false;
return genError("Failed to load new file: " + new_policy_path + ". Error: " + loaded_policy_json.getErr());
}
auto all_security_policies = orchestration_tools->jsonObjectSplitter(
loaded_policy_json.unpack(),
tenant_id,
profile_id
child_tenant_id,
child_profile_id
);
if (!all_security_policies.ok()) {
@@ -733,12 +767,18 @@ ServiceController::Impl::updateServiceConfiguration(
<< ". Error: "
<< all_security_policies.getErr();
return false;
return genError("Failed to parse json file: " +
new_policy_path +
". Error: " +
all_security_policies.getErr()
);
}
bool was_policy_updated = true;
const string version_param = "version";
const string versions_param = "versions";
string version_value;
string send_signal_for_services_err;
for (auto &single_policy : all_security_policies.unpack()) {
if (single_policy.first == version_param) {
@@ -747,33 +787,27 @@ ServiceController::Impl::updateServiceConfiguration(
update_policy_version = version_value;
continue;
}
if (child_tenant_id.empty() && single_policy.first == versions_param) {
//In a multi-tenant env, only the parent should handle the versions parameter
policy_versions = single_policy.second;
dbgWarning(D_ORCHESTRATOR) << "Found versions parameter in policy file:" << policy_versions;
}
dbgDebug(D_ORCHESTRATOR) << "Starting to update policy file. Policy type: " << single_policy.first;
string dir = getConfigurationWithDefault<string>(
filesystem_prefix + "/conf",
"orchestration",
"Configuration directory"
);
if (tenant_id != "") {
dir = dir + "/tenant_" + tenant_id + "_profile_" + profile_id;
if (!orchestration_tools->doesDirectoryExist(dir)) {
if (orchestration_tools->createDirectory(dir)) {
dbgTrace(D_ORCHESTRATOR) << "Created new configuration directory for tenant " << tenant_id;
} else {
dbgError(D_ORCHESTRATOR) << "Failed to create configuration directory for tenant "<< tenant_id;
return false;
}
}
if (!createDirectoryForChildTenant(child_tenant_id, child_profile_id)) {
dbgWarning(D_ORCHESTRATOR)
<< "Failed to create directory for child. Tenant id: " << child_tenant_id
<< ", Profile id: " << child_profile_id;
return genError("Failed to create directory for child tenant");
}
string policy_file_path =
getPolicyConfigPath(
single_policy.first,
Config::ConfigFileType::Policy,
tenant_id,
profile_id
child_tenant_id,
child_profile_id
);
auto update_config_result = updateServiceConfigurationFile(
@@ -782,8 +816,11 @@ ServiceController::Impl::updateServiceConfiguration(
single_policy.second
);
if (!update_config_result) {
dbgWarning(D_ORCHESTRATOR) << "Failed to update policy file. Policy name: " << single_policy.first;
if (!update_config_result.ok()) {
send_signal_for_services_err = "Failed to update policy file. Policy name: " +
single_policy.first +
". Error: " +
update_config_result.getErr();
was_policy_updated = false;
continue;
}
@@ -798,10 +835,10 @@ ServiceController::Impl::updateServiceConfiguration(
OrchestrationStatusConfigType::POLICY
);
if (tenant_id != "") {
if (child_tenant_id != "") {
auto instances = Singleton::Consume<I_TenantManager>::by<ServiceController>()->getInstances(
tenant_id,
profile_id
child_tenant_id,
child_profile_id
);
for (const auto &instance_id: instances) {
auto relevant_service = registered_services.find(instance_id);
@@ -823,18 +860,20 @@ ServiceController::Impl::updateServiceConfiguration(
}
// In a multi-tenant env, we send the signal to the services only on the last iteration
was_policy_updated &= (is_multi_tenant_env && !last_iteration) ?
true :
sendSignalForServices(nano_services_to_update, version_value);
if (!is_multi_tenant_env || last_iteration) {
auto is_send_signal_for_services = sendSignalForServices(nano_services_to_update, version_value);
was_policy_updated &= is_send_signal_for_services.ok();
if (!is_send_signal_for_services.ok()) send_signal_for_services_err = is_send_signal_for_services.getErr();
}
dbgTrace(D_ORCHESTRATOR) << "was policy updated: " << (was_policy_updated ? "true" : "false");
if (was_policy_updated) {
string config_file_path;
string base_path =
filesystem_prefix + "/conf/" +
(tenant_id != "" ? "tenant_" + tenant_id + "_profile_" + profile_id + "/" : "");
config_file_path = getConfigurationWithDefault<string>(
(child_tenant_id != "" ? "tenant_" + child_tenant_id + "_profile_" + child_profile_id + "/" : "");
string config_file_path = getConfigurationWithDefault<string>(
base_path + "policy.json",
"orchestration",
"Policy file path"
@@ -843,12 +882,12 @@ ServiceController::Impl::updateServiceConfiguration(
if (new_policy_path.compare(config_file_path) == 0) {
dbgDebug(D_ORCHESTRATOR) << "Enforcing the default policy file";
policy_version = version_value;
return true;
return Maybe<void>();
}
if (!backupConfigurationFile(config_file_path)) {
dbgWarning(D_ORCHESTRATOR) << "Failed to backup the policy file.";
return false;
return genError("Failed to backup the policy file.");
}
policy_version = version_value;
@@ -856,17 +895,18 @@ ServiceController::Impl::updateServiceConfiguration(
// Save the new configuration file.
if (!orchestration_tools->copyFile(new_policy_path, config_file_path)) {
dbgWarning(D_ORCHESTRATOR) << "Failed to save the policy file.";
return false;
return genError("Failed to save the policy file.");
}
}
return was_policy_updated;
if (!was_policy_updated && !send_signal_for_services_err.empty()) return genError(send_signal_for_services_err);
return Maybe<void>();
}
bool
Maybe<void>
ServiceController::Impl::sendSignalForServices(
const set<string> &nano_services_to_update,
const string &policy_version)
const string &policy_version_to_update)
{
dbgFlow(D_ORCHESTRATOR);
for (auto &service_id : nano_services_to_update) {
@@ -877,7 +917,7 @@ ServiceController::Impl::sendSignalForServices(
}
++configuration_id;
auto reconf_status = nano_service->second.sendNewConfigurations(configuration_id, policy_version);
auto reconf_status = nano_service->second.sendNewConfigurations(configuration_id, policy_version_to_update);
if (reconf_status == ReconfStatus::INACTIVE) {
dbgWarning(D_ORCHESTRATOR) << "Erasing details regarding inactive service " << service_id;
@@ -889,7 +929,7 @@ ServiceController::Impl::sendSignalForServices(
dbgDebug(D_ORCHESTRATOR) << "The reconfiguration failed for serivce: " << service_id;
services_reconf_status.clear();
services_reconf_names.clear();
return false;
return genError("The reconfiguration failed for serivce: " + service_id);
}
}
@@ -910,7 +950,7 @@ ServiceController::Impl::sendSignalForServices(
dbgDebug(D_ORCHESTRATOR) << "The reconfiguration was successfully completed for all the services";
services_reconf_status.clear();
services_reconf_names.clear();
return true;
return Maybe<void>();
}
case ReconfStatus::IN_PROGRESS: {
dbgTrace(D_ORCHESTRATOR) << "Reconfiguration in progress...";
@@ -918,8 +958,10 @@ ServiceController::Impl::sendSignalForServices(
break;
}
case ReconfStatus::FAILED: {
vector<string> failed_services_vec;
for(auto &status : services_reconf_status) {
if (status.second == ReconfStatus::FAILED) {
failed_services_vec.push_back(services_reconf_names[status.first]);
dbgDebug(D_ORCHESTRATOR)
<< "The reconfiguration failed for serivce "
<< services_reconf_names[status.first];
@@ -927,13 +969,16 @@ ServiceController::Impl::sendSignalForServices(
}
services_reconf_status.clear();
services_reconf_names.clear();
return false;
string failed_services = makeSeparatedStr(failed_services_vec, ", ");
return genError("The reconfiguration failed for serivces: " + failed_services);
}
case ReconfStatus::INACTIVE: {
dbgError(D_ORCHESTRATOR) << "Reached inactive state in the middle of reconfiguration!";
services_reconf_status.clear();
services_reconf_names.clear();
return false;
return genError("Reached inactive state in the middle of reconfiguration!");
}
}
}
@@ -941,10 +986,10 @@ ServiceController::Impl::sendSignalForServices(
dbgDebug(D_ORCHESTRATOR) << "The reconfiguration has reached a timeout";
services_reconf_status.clear();
services_reconf_names.clear();
return false;
return genError("The reconfiguration has reached a timeout");
}
bool
Maybe<void>
ServiceController::Impl::updateServiceConfigurationFile(
const string &configuration_name,
const string &configuration_file_path,
@@ -959,7 +1004,7 @@ ServiceController::Impl::updateServiceConfigurationFile(
bool service_changed = old_configuration.unpack().compare(new_configuration_path) != 0;
if (service_changed == false) {
dbgDebug(D_ORCHESTRATOR) << "There is no update for policy file: " << configuration_file_path;
return true;
return Maybe<void>();
}
dbgDebug(D_ORCHESTRATOR)
<< "Starting to update " << configuration_file_path << " to " << new_configuration_path;
@@ -972,7 +1017,7 @@ ServiceController::Impl::updateServiceConfigurationFile(
dbgDebug(D_ORCHESTRATOR) << "Backup of policy file has been created in: " << configuration_file_path;
} else {
dbgWarning(D_ORCHESTRATOR) << "Failed to backup policy file";
return false;
return genError("Failed to backup policy file");
}
} else {
dbgWarning(D_ORCHESTRATOR)
@@ -981,7 +1026,12 @@ ServiceController::Impl::updateServiceConfigurationFile(
<< ". Error: "
<< old_configuration.getErr();
return false;
return genError(
"Failed to read current policy file " +
configuration_file_path +
". Error: " +
old_configuration.getErr()
);
}
}
@@ -989,12 +1039,12 @@ ServiceController::Impl::updateServiceConfigurationFile(
dbgDebug(D_ORCHESTRATOR) << "New policy file has been saved in: " << configuration_file_path;
} else {
dbgWarning(D_ORCHESTRATOR) << "Failed to save new policy file";
return false;
return genError("Failed to save new policy file");
}
dbgInfo(D_ORCHESTRATOR) << "Successfully updated policy file: " << configuration_file_path;
return true;
return Maybe<void>();
}
ServiceController::ServiceController() : Component("ServiceController"), pimpl(make_unique<Impl>()) {}
@@ -1013,6 +1063,12 @@ ServiceController::Impl::getPolicyVersion() const
return policy_version;
}
const string &
ServiceController::Impl::getPolicyVersions() const
{
return policy_versions;
}
const string &
ServiceController::Impl::getUpdatePolicyVersion() const
{

158
components/security_apps/orchestration/service_controller/service_controller_ut/service_controller_ut.cc
View File

@@ -251,6 +251,7 @@ TEST_F(ServiceControllerTest, UpdateConfiguration)
setServiceConfiguration("l4_firewall", l4_firewall_policy_path, OrchestrationStatusConfigType::POLICY));
EXPECT_EQ(i_service_controller->getPolicyVersion(), "");
EXPECT_EQ(i_service_controller->getPolicyVersions(), "");
EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
.WillOnce(Return(true));
@@ -288,8 +289,123 @@ TEST_F(ServiceControllerTest, UpdateConfiguration)
)
).WillRepeatedly(Return(string("registered and running")));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, general_settings_path));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, general_settings_path).ok());
EXPECT_EQ(i_service_controller->getPolicyVersion(), version_value);
EXPECT_EQ(i_service_controller->getPolicyVersions(), "");
EXPECT_EQ(i_service_controller->getUpdatePolicyVersion(), version_value);
}
TEST_F(ServiceControllerTest, supportVersions)
{
string versions = "["
" {"
" \"id\" : \"40c4a460-eb24-f002-decb-f4a7f00423fc\","
" \"name\" : \"Linux Embedded Agents\","
" \"version\" : 1"
" },"
" {"
" \"id\" : \"93788960-6969-11ee-be56-0242ac120002\","
" \"name\" : \"Linux SUPER Embedded Agents\","
" \"version\" : 420"
" }"
"]";
string new_configuration = "{"
" \"version\": \"" + version_value + "\""
" \"versions\": " + versions +
" \"l4_firewall\":"
" {"
" \"app\": \"netfilter\","
" \"l4_firewall_rules\": ["
" {"
" \"name\": \"allow_statefull_conns\","
" \"flags\": [\"established\"],"
" \"action\": \"accept\""
" },"
" {"
" \"name\": \"icmp drop\","
" \"flags\": [\"log\"],"
" \"services\": [{\"name\":\"icmp\"}],"
" \"action\": \"drop\""
" }"
" ]"
" }"
"}";
string l4_firewall = "{"
" \"app\": \"netfilter\","
" \"l4_firewall_rules\": ["
" {"
" \"name\": \"allow_statefull_conns\","
" \"flags\": [\"established\"],"
" \"action\": \"accept\""
" },"
" {"
" \"name\": \"icmp drop\","
" \"flags\": [\"log\"],"
" \"services\": [{\"name\":\"icmp\"}],"
" \"action\": \"drop\""
" }"
" ]"
"}";
string policy_versions_path = "/etc/cp/conf/versions/versions.policy";
Maybe<map<string, string>> json_parser_return =
map<string, string>({{"l4_firewall", l4_firewall}, {"version", version_value}, {"versions", versions}});
EXPECT_CALL(mock_orchestration_tools, readFile(file_name)).WillOnce(Return(new_configuration));
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _))
.WillOnce(Return(json_parser_return));
EXPECT_CALL(mock_orchestration_tools, doesFileExist(policy_versions_path)).WillOnce(Return(false));
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(false));
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, writeFile(versions, policy_versions_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_status,
setServiceConfiguration("versions", policy_versions_path, OrchestrationStatusConfigType::POLICY));
EXPECT_CALL(mock_orchestration_status,
setServiceConfiguration("l4_firewall", l4_firewall_policy_path, OrchestrationStatusConfigType::POLICY));
EXPECT_EQ(i_service_controller->getPolicyVersion(), "");
EXPECT_EQ(i_service_controller->getPolicyVersions(), "");
EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, doesFileExist(policy_file_path)).WillOnce(Return(true));
string general_settings_path = "/my/settings/path";
string reply_msg = "{\"id\": 1, \"error\": false, \"finished\": true, \"error_message\": \"\"}";
Flags<MessageConnConfig> conn_flags;
conn_flags.setFlag(MessageConnConfig::ONE_TIME_CONN);
EXPECT_CALL(
mock_message,
sendMessage(
true,
"{\n \"id\": 1,\n \"policy_version\": \"1.0.2\"\n}",
I_Messaging::Method::POST,
string("127.0.0.1"),
l4_firewall_service_port,
conn_flags,
string("/set-new-configuration"),
string(),
_,
MessageTypeTag::GENERIC
)
).WillOnce(Return(Maybe<string>(reply_msg)));
EXPECT_CALL(
mock_shell_cmd,
getExecOutput(
"/etc/cp/watchdog/cp-nano-watchdog --status --verbose --service mock access control"
" --family family1 --id id2",
_,
_
)
).WillRepeatedly(Return(string("registered and running")));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, general_settings_path).ok());
EXPECT_EQ(i_service_controller->getPolicyVersion(), version_value);
EXPECT_EQ(i_service_controller->getPolicyVersions(), versions);
EXPECT_EQ(i_service_controller->getUpdatePolicyVersion(), version_value);
}
@@ -393,7 +509,7 @@ TEST_F(ServiceControllerTest, TimeOutUpdateConfiguration)
)
).WillOnce(Return(Maybe<string>(reply_msg)));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, general_settings_path));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, general_settings_path).ok());
EXPECT_EQ(i_service_controller->getPolicyVersion(), version_value);
EXPECT_EQ(i_service_controller->getUpdatePolicyVersion(), version_value);
}
@@ -501,7 +617,7 @@ TEST_F(ServiceControllerTest, writeRegisteredServicesFromFile)
)
).WillRepeatedly(Return(string("registered and running")));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, general_settings_path));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, general_settings_path).ok());
EXPECT_EQ(i_service_controller->getPolicyVersion(), version_value);
EXPECT_EQ(i_service_controller->getUpdatePolicyVersion(), version_value);
EXPECT_EQ(orchestrationRegisteredServicesFileToString(registered_services_file_path), expected_json);
@@ -641,7 +757,7 @@ TEST_F(ServiceControllerTest, noPolicyUpdate)
)
).WillRepeatedly(Return(string("registered and running")));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, ""));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, "").ok());
EXPECT_EQ(i_service_controller->getPolicyVersion(), version_value);
}
@@ -734,7 +850,7 @@ TEST_F(ServiceControllerTest, SettingsAndPolicyUpdateCombinations)
).WillOnce(Return(Maybe<string>(reply_msg1)));
// both policy and settings now being updated
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, general_settings_path));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, general_settings_path).ok());
EXPECT_EQ(i_service_controller->getPolicyVersion(), version_value);
EXPECT_EQ(i_service_controller->getUpdatePolicyVersion(), version_value);
@@ -771,7 +887,7 @@ TEST_F(ServiceControllerTest, SettingsAndPolicyUpdateCombinations)
)
).WillRepeatedly(Return(Maybe<string>(reply_msg2)));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, general_settings_path));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, general_settings_path).ok());
EXPECT_EQ(i_service_controller->getPolicyVersion(), version_value);
}
@@ -884,7 +1000,7 @@ TEST_F(ServiceControllerTest, backup)
).WillOnce(Return(Maybe<string>(reply_msg)));
EXPECT_EQ(i_service_controller->getPolicyVersion(), "");
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, ""));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, "").ok());
EXPECT_EQ(i_service_controller->getPolicyVersion(), version_value);
}
@@ -999,7 +1115,7 @@ TEST_F(ServiceControllerTest, backup_file_doesnt_exist)
).WillOnce(Return(Maybe<string>(reply_msg)));
EXPECT_EQ(i_service_controller->getPolicyVersion(), "");
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, ""));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, "").ok());
EXPECT_EQ(i_service_controller->getPolicyVersion(), version_value);
}
@@ -1117,7 +1233,7 @@ TEST_F(ServiceControllerTest, backupAttempts)
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, doesFileExist(policy_file_path)).WillOnce(Return(true));
EXPECT_EQ(i_service_controller->getPolicyVersion(), "");
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, ""));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, "").ok());
EXPECT_EQ(i_service_controller->getPolicyVersion(), version_value);
}
@@ -1231,7 +1347,7 @@ TEST_F(ServiceControllerTest, MultiUpdateConfiguration)
)
).WillOnce(Return(Maybe<string>(reply_msg)));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, ""));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, "").ok());
set<string> changed_policies = {
"/etc/cp/conf/l4_firewall/l4_firewall.policy",
"/etc/cp/conf/orchestration/orchestration.policy"
@@ -1249,7 +1365,7 @@ TEST_F(ServiceControllerTest, badJsonFile)
{
Maybe<string> err = genError("Error");
EXPECT_CALL(mock_orchestration_tools, readFile(file_name)).Times(1).WillRepeatedly(Return(err));
EXPECT_FALSE(i_service_controller->updateServiceConfiguration(file_name, ""));
EXPECT_FALSE(i_service_controller->updateServiceConfiguration(file_name, "").ok());
}
TEST_F(ServiceControllerTest, emptyServices)
@@ -1266,7 +1382,7 @@ TEST_F(ServiceControllerTest, emptyServices)
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, doesFileExist(policy_file_path)).WillOnce(Return(true));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, ""));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, "").ok());
}
TEST_F(ServiceControllerTest, failingWhileLoadingCurrentConfiguration)
@@ -1317,7 +1433,7 @@ TEST_F(ServiceControllerTest, failingWhileLoadingCurrentConfiguration)
.WillOnce(Return(json_parser_return));
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, readFile(l4_firewall_policy_path)).WillOnce(Return(err));
EXPECT_FALSE(i_service_controller->updateServiceConfiguration(file_name, ""));
EXPECT_FALSE(i_service_controller->updateServiceConfiguration(file_name, "").ok());
}
TEST_F(ServiceControllerTest, failingWhileCopyingCurrentConfiguration)
@@ -1392,7 +1508,7 @@ TEST_F(ServiceControllerTest, failingWhileCopyingCurrentConfiguration)
).WillOnce(Return(false));
EXPECT_EQ(i_service_controller->getPolicyVersion(), "");
EXPECT_FALSE(i_service_controller->updateServiceConfiguration(file_name, ""));
EXPECT_FALSE(i_service_controller->updateServiceConfiguration(file_name, "").ok());
EXPECT_EQ(i_service_controller->getPolicyVersion(), "");
}
@@ -1468,7 +1584,7 @@ TEST_F(ServiceControllerTest, ErrorUpdateConfigurationRest)
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, doesFileExist(policy_file_path)).WillOnce(Return(true));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, ""));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, "").ok());
EXPECT_THAT(
capture_debug.str(),
HasSubstr("Service mock access control is inactive")
@@ -1554,7 +1670,7 @@ TEST_F(ServiceControllerTest, errorWhileWrtingNewConfiguration)
writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(false)
);
EXPECT_FALSE(i_service_controller->updateServiceConfiguration(file_name, ""));
EXPECT_FALSE(i_service_controller->updateServiceConfiguration(file_name, "").ok());
}
TEST_F(ServiceControllerTest, testPortsRest)
@@ -1690,7 +1806,13 @@ TEST_F(ServiceControllerTest, testMultitenantConfFiles)
).WillRepeatedly(Return(string("registered and running")));
EXPECT_TRUE(
i_service_controller->updateServiceConfiguration(conf_file_name, settings_file_name, {}, tenant, profile)
i_service_controller->updateServiceConfiguration(
conf_file_name,
settings_file_name,
{},
tenant,
profile
).ok()
);
}
}
@@ -1821,7 +1943,7 @@ TEST_F(ServiceControllerTest, test_delayed_reconf)
EXPECT_CALL(mock_ml, yield(chrono::microseconds(2000000))).WillOnce(Invoke(func));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, general_settings_path));
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, general_settings_path).ok());
EXPECT_EQ(i_service_controller->getPolicyVersion(), version_value);
EXPECT_EQ(i_service_controller->getUpdatePolicyVersion(), version_value);
}