sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-04-19 16:56:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
279e96e6b155a31fba73a8bc80b3280cdd917663
netbird/management/server/posture/disk_encryption_test.go
mlsmaycon 279e96e6b1 add disk encryption check
2026-01-17 19:56:50 +01:00

307 lines
6.2 KiB
Go
Raw Blame History

package posture
import (
"context"
"testing"
"github.com/stretchr/testify/assert"
"github.com/netbirdio/netbird/management/server/peer"
)
func TestDiskEncryptionCheck_Check(t *testing.T) {
tests := []struct {
name string
input peer.Peer
check DiskEncryptionCheck
wantErr bool
isValid bool
}{
{
name: "linux with encrypted root",
input: peer.Peer{
Meta: peer.PeerSystemMeta{
GoOS: "linux",
DiskEncryption: peer.DiskEncryptionInfo{
Volumes: []peer.DiskEncryptionVolume{
{Path: "/", Encrypted: true},
{Path: "/home", Encrypted: true},
},
},
},
},
check: DiskEncryptionCheck{
LinuxPath: "/",
},
wantErr: false,
isValid: true,
},
{
name: "linux with unencrypted root",
input: peer.Peer{
Meta: peer.PeerSystemMeta{
GoOS: "linux",
DiskEncryption: peer.DiskEncryptionInfo{
Volumes: []peer.DiskEncryptionVolume{
{Path: "/", Encrypted: false},
{Path: "/home", Encrypted: true},
},
},
},
},
check: DiskEncryptionCheck{
LinuxPath: "/",
},
wantErr: false,
isValid: false,
},
{
name: "linux with no volume info",
input: peer.Peer{
Meta: peer.PeerSystemMeta{
GoOS: "linux",
DiskEncryption: peer.DiskEncryptionInfo{},
},
},
check: DiskEncryptionCheck{
LinuxPath: "/",
},
wantErr: false,
isValid: false,
},
{
name: "darwin with encrypted root",
input: peer.Peer{
Meta: peer.PeerSystemMeta{
GoOS: "darwin",
DiskEncryption: peer.DiskEncryptionInfo{
Volumes: []peer.DiskEncryptionVolume{
{Path: "/", Encrypted: true},
},
},
},
},
check: DiskEncryptionCheck{
DarwinPath: "/",
},
wantErr: false,
isValid: true,
},
{
name: "darwin with unencrypted root",
input: peer.Peer{
Meta: peer.PeerSystemMeta{
GoOS: "darwin",
DiskEncryption: peer.DiskEncryptionInfo{
Volumes: []peer.DiskEncryptionVolume{
{Path: "/", Encrypted: false},
},
},
},
},
check: DiskEncryptionCheck{
DarwinPath: "/",
},
wantErr: false,
isValid: false,
},
{
name: "windows with encrypted C drive",
input: peer.Peer{
Meta: peer.PeerSystemMeta{
GoOS: "windows",
DiskEncryption: peer.DiskEncryptionInfo{
Volumes: []peer.DiskEncryptionVolume{
{Path: "C:", Encrypted: true},
{Path: "D:", Encrypted: false},
},
},
},
},
check: DiskEncryptionCheck{
WindowsPath: "C:",
},
wantErr: false,
isValid: true,
},
{
name: "windows with unencrypted C drive",
input: peer.Peer{
Meta: peer.PeerSystemMeta{
GoOS: "windows",
DiskEncryption: peer.DiskEncryptionInfo{
Volumes: []peer.DiskEncryptionVolume{
{Path: "C:", Encrypted: false},
{Path: "D:", Encrypted: true},
},
},
},
},
check: DiskEncryptionCheck{
WindowsPath: "C:",
},
wantErr: false,
isValid: false,
},
{
name: "unsupported ios operating system",
input: peer.Peer{
Meta: peer.PeerSystemMeta{
GoOS: "ios",
},
},
check: DiskEncryptionCheck{
LinuxPath: "/",
DarwinPath: "/",
WindowsPath: "C:",
},
wantErr: false,
isValid: false,
},
{
name: "unsupported android operating system",
input: peer.Peer{
Meta: peer.PeerSystemMeta{
GoOS: "android",
},
},
check: DiskEncryptionCheck{
LinuxPath: "/",
DarwinPath: "/",
WindowsPath: "C:",
},
wantErr: false,
isValid: false,
},
{
name: "linux peer with no linux path configured passes",
input: peer.Peer{
Meta: peer.PeerSystemMeta{
GoOS: "linux",
DiskEncryption: peer.DiskEncryptionInfo{
Volumes: []peer.DiskEncryptionVolume{
{Path: "/", Encrypted: false},
},
},
},
},
check: DiskEncryptionCheck{
DarwinPath: "/",
WindowsPath: "C:",
},
wantErr: false,
isValid: true,
},
{
name: "darwin peer with no darwin path configured passes",
input: peer.Peer{
Meta: peer.PeerSystemMeta{
GoOS: "darwin",
DiskEncryption: peer.DiskEncryptionInfo{
Volumes: []peer.DiskEncryptionVolume{
{Path: "/", Encrypted: false},
},
},
},
},
check: DiskEncryptionCheck{
LinuxPath: "/",
WindowsPath: "C:",
},
wantErr: false,
isValid: true,
},
{
name: "windows peer with no windows path configured passes",
input: peer.Peer{
Meta: peer.PeerSystemMeta{
GoOS: "windows",
DiskEncryption: peer.DiskEncryptionInfo{
Volumes: []peer.DiskEncryptionVolume{
{Path: "C:", Encrypted: false},
},
},
},
},
check: DiskEncryptionCheck{
LinuxPath: "/",
DarwinPath: "/",
},
wantErr: false,
isValid: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
isValid, err := tt.check.Check(context.Background(), tt.input)
if tt.wantErr {
assert.Error(t, err)
} else {
assert.NoError(t, err)
}
assert.Equal(t, tt.isValid, isValid)
})
}
}
func TestDiskEncryptionCheck_Validate(t *testing.T) {
testCases := []struct {
name string
check DiskEncryptionCheck
expectedError bool
}{
{
name: "valid linux, darwin and windows paths",
check: DiskEncryptionCheck{
LinuxPath: "/",
DarwinPath: "/",
WindowsPath: "C:",
},
expectedError: false,
},
{
name: "valid linux path only",
check: DiskEncryptionCheck{
LinuxPath: "/",
},
expectedError: false,
},
{
name: "valid darwin path only",
check: DiskEncryptionCheck{
DarwinPath: "/",
},
expectedError: false,
},
{
name: "valid windows path only",
check: DiskEncryptionCheck{
WindowsPath: "C:",
},
expectedError: false,
},
{
name: "invalid empty paths",
check: DiskEncryptionCheck{},
expectedError: true,
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
err := tc.check.Validate()
if tc.expectedError {
assert.Error(t, err)
} else {
assert.NoError(t, err)
}
})
}
}
func TestDiskEncryptionCheck_Name(t *testing.T) {
check := DiskEncryptionCheck{}
assert.Equal(t, DiskEncryptionCheckName, check.Name())
}
Reference in New Issue View Git Blame Copy Permalink