If you want to poke around the system a little bit more, here is an example of running actions that make up a sequence by hand, so you can inspect the output of each phase:
$ wsk action invoke lookup-github-users-aws-keys --blocking --result > lookup-github-users-aws-keys.json
$ wsk action invoke github-user-events-scanner --param-file lookup-github-users-aws-keys.json --blocking --result > github-user-events-scanner.json
$ wsk action invoke nuke-leaked-aws-keys --param-file github-user-events-scanner.json --blocking --result
First run `go install` to make sure that the latest compiled code is in `$GOPATH/pkg`:
$ go install
Generate the testing mocks via:
$ ./generate.sh
Which mocks are generated is controlled by the `//go:generate goautomock` directives that are in certain files.
Install go-bindata and run:
$ go-bindata testdata/
and then hand-modify `bindata.go` to change the package name from `main` → `keynuker`.
| Variable | Example | Description |
|---|---|---|
| `KEYNUKER_INTEGRATION_TESTS_ENABLED` | `true` | Controls whether integration tests are enabled. Defaults to false. |
| `KEYNUKER_GITHUB_LEAK_TARGET_REPO` | `keynuker-integration-tests` | A private GitHub repo that will be created by the test itself, where live AWS keys will be leaked. If danger zone warning signs are flashing, they should be. This is potentially dangerous. |
The entire test suite is composed of:
- Tests that only run as self-contained unit tests (some with mocks)
- Tests that only run as integration tests against live GitHub / AWS services
- Tests that can run either as an integration test or a unit test against mocks
Running the integration tests is potentially dangerous. It will create, leak, and nuke live AWS keys (just the key, not the secret). It has been designed to be as safe as possible, but you are encouraged to do a thorough security review before running this, and to always make sure that everything has been properly cleaned up afterwards.
To run integration tests, you need to set the `KEYNUKER_INTEGRATION_TESTS_ENABLED` environment variable to true.
You will also need the following environment variables, some of which are described in [Environment variables]:
- `KEYNUKER_TARGET_AWS_ACCOUNTS` (NOTE: it only uses the 1st AWS account listed when running integration tests)
- `KEYNUKER_GITHUB_LEAK_TARGET_REPO`
- `KEYNUKER_GITHUB_ACCESS_TOKEN` (NOTE: requires more permissions than the one listed in the [Environment variables], since it needs to create repos. TODO: document the exact permissions needed)
- `KEYNUKER_GITHUB_ORGS` (NOTE: the user that owns the `KEYNUKER_GITHUB_ACCESS_TOKEN` must be a member of at least one of the GitHub orgs listed here)
- `KEYNUKER_DB_HOST`
- `KEYNUKER_DB_NAME`
- `KEYNUKER_DB_KEY`
- `KEYNUKER_DB_SECRET_KEY`
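
A preflight check for the variables listed above, as an added example that is not part of the KeyNuker code base. The helper name `integrationPreflight` and the boolean parsing of the flag are assumptions; the check fails closed and reports only variable names, never their values.

```go
package main

import (
	"fmt"
	"os"
	"sort"
	"strconv"
)

// Variables this README lists as required for integration tests.
var requiredVars = []string{
	"KEYNUKER_TARGET_AWS_ACCOUNTS", "KEYNUKER_GITHUB_LEAK_TARGET_REPO",
	"KEYNUKER_GITHUB_ACCESS_TOKEN", "KEYNUKER_GITHUB_ORGS",
	"KEYNUKER_DB_HOST", "KEYNUKER_DB_NAME",
	"KEYNUKER_DB_KEY", "KEYNUKER_DB_SECRET_KEY",
}

// integrationPreflight (hypothetical helper) reports whether integration tests
// may run. It fails closed: an unset or unparseable flag means "disabled".
// Only variable names are returned, so secrets stay out of logs.
func integrationPreflight(getenv func(string) string) (enabled bool, missing []string) {
	// Assumption: the flag is read as a Go boolean; the README only shows "true".
	on, err := strconv.ParseBool(getenv("KEYNUKER_INTEGRATION_TESTS_ENABLED"))
	if err != nil || !on {
		return false, nil
	}
	for _, name := range requiredVars {
		if getenv(name) == "" {
			missing = append(missing, name)
		}
	}
	sort.Strings(missing)
	return true, missing
}

func main() {
	enabled, missing := integrationPreflight(os.Getenv)
	switch {
	case !enabled:
		fmt.Println("integration tests disabled")
	case len(missing) > 0:
		fmt.Println("integration tests enabled but missing:", missing)
		os.Exit(1)
	default:
		fmt.Println("integration tests enabled; live AWS keys will be created, leaked and nuked")
	}
}
```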