public async Task SignatureEnforcementMode_PassesWhenAllTasksAreSigned()
{
try
{
// Arrange
SetupL1();
FakeConfigurationStore fakeConfigurationStore = GetMockedService <FakeConfigurationStore>();
AgentSettings settings = fakeConfigurationStore.GetSettings();
settings.Fingerprint = _fingerprint;
fakeConfigurationStore.UpdateSettings(settings);
var message = LoadTemplateMessage();
message.Steps.Clear();
message.Steps.Add(GetSignedTask());
// Act
var results = await RunWorker(message);
// Assert
FakeJobServer fakeJobServer = GetMockedService <FakeJobServer>();
Console.WriteLine(Newtonsoft.Json.JsonConvert.SerializeObject(fakeJobServer.Timelines));
AssertJobCompleted();
Assert.Equal(TaskResult.Succeeded, results.Result);
}
finally
{
TearDown();
}
}
public async Task SignatureVerification_Disabled()
{
try
{
// Arrange
SetupL1();
FakeConfigurationStore fakeConfigurationStore = GetMockedService <FakeConfigurationStore>();
AgentSettings settings = fakeConfigurationStore.GetSettings();
settings.SignatureVerification = new SignatureVerificationSettings()
{
Mode = SignatureVerificationMode.None,
Fingerprints = new List <string>()
{
"BAD"
}
};
fakeConfigurationStore.UpdateSettings(settings);
var message = LoadTemplateMessage();
message.Steps.Clear();
message.Steps.Add(GetSignedTask());
// Act
var results = await RunWorker(message);
// Assert
AssertJobCompleted();
Assert.Equal(TaskResult.Succeeded, results.Result);
}
finally
{
TearDown();
}
}
public async Task SignatureVerification_PassesWhenAllTasksAreSigned(bool useFingerprintList, bool useTopLevelFingerprint)
{
try
{
// Arrange
SetupL1();
FakeConfigurationStore fakeConfigurationStore = GetMockedService <FakeConfigurationStore>();
AgentSettings settings = fakeConfigurationStore.GetSettings();
settings.SignatureVerification = new SignatureVerificationSettings()
{
Mode = SignatureVerificationMode.Error
};
if (useFingerprintList)
{
settings.SignatureVerification.Fingerprints = new List <string>()
{
_fingerprint
};
}
else if (useTopLevelFingerprint)
{
settings.Fingerprint = _fingerprint;
}
fakeConfigurationStore.UpdateSettings(settings);
var message = LoadTemplateMessage();
message.Steps.Clear();
message.Steps.Add(GetSignedTask());
// Act
var results = await RunWorker(message);
// Assert
FakeJobServer fakeJobServer = GetMockedService <FakeJobServer>();
AssertJobCompleted();
Assert.Equal(TaskResult.Succeeded, results.Result);
}
finally
{
TearDown();
}
}
public async Task SignatureVerification_Warning(bool writeToBlobstorageService)
{
try
{
// Arrange
SetupL1();
FakeConfigurationStore fakeConfigurationStore = GetMockedService <FakeConfigurationStore>();
AgentSettings settings = fakeConfigurationStore.GetSettings();
settings.SignatureVerification = new SignatureVerificationSettings()
{
Mode = SignatureVerificationMode.Warning,
Fingerprints = new List <string>()
{
"BAD"
}
};
fakeConfigurationStore.UpdateSettings(settings);
var message = LoadTemplateMessage();
message.Steps.Clear();
message.Steps.Add(GetSignedTask());
message.Variables.Add("agent.LogToBlobstorageService", writeToBlobstorageService.ToString());
// Act
var results = await RunWorker(message);
// Assert
AssertJobCompleted();
Assert.Equal(TaskResult.Succeeded, results.Result);
var steps = GetSteps();
var log = GetTimelineLogLines(steps[1]);
Assert.Equal(1, log.Where(x => x.Contains("##[warning]Task signature verification failed.")).Count());
}
finally
{
TearDown();
}
}
public async Task SignatureEnforcementMode_FailsWhenTasksArentSigned()
{
try
{
// Arrange
SetupL1();
FakeConfigurationStore fakeConfigurationStore = GetMockedService <FakeConfigurationStore>();
AgentSettings settings = fakeConfigurationStore.GetSettings();
settings.Fingerprint = _fingerprint;
fakeConfigurationStore.UpdateSettings(settings);
var message = LoadTemplateMessage();
// Act
var results = await RunWorker(message);
// Assert
AssertJobCompleted();
Assert.Equal(TaskResult.Failed, results.Result);
}
finally
{
TearDown();
}
}