Add test coverage reporting. Remove some dead code.

elonen · Aug 30, 2024 · e44261c · e44261c
1 parent bf8c912
commit e44261c
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 181 deletions.
diff --git a/.gitignore b/.gitignore
@@ -4,6 +4,10 @@ dist/
 dist_deb
 build/
 
+.coverage
+coverage.xml
+htmlcov
+
 .DS_Store
 
 *.pickle

diff --git a/hsm_secrets/ssh/openssh/signing.py b/hsm_secrets/ssh/openssh/signing.py
@@ -73,12 +73,12 @@ def sign_ssh_cert(cert: OpenSSHCertificate, private_key: PrivateKey) -> None:
 
 # ----------
 
+'''
 def verify_ssh_cert(cert: OpenSSHCertificate) -> bool:
     """
     Verify an SSH certificate with a public key.
 
     :param cert: The SSH certificate to verify
-    :param encoded_public_key: The public key to verify the certificate with (in OpenSSH format: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB...")
     :return: True if the certificate is verified, False otherwise
     """
     try:
@@ -147,3 +147,4 @@ def verify_ssh_cert(cert: OpenSSHCertificate) -> bool:
     except cryptography.exceptions.InvalidSignature as e:
         return False
 
+'''
diff --git a/hsm_secrets/ssh/openssh/ssh_certificate_test.py b/hsm_secrets/ssh/openssh/ssh_certificate_test.py
diff --git a/hsm_secrets/ssh/ssh_utils.py → hsm_secrets/ssh/yubihsm_ssh_structs.py b/hsm_secrets/ssh/ssh_utils.py → hsm_secrets/ssh/yubihsm_ssh_structs.py
@@ -1,3 +1,6 @@
+# Functions for OpenSSH certificates and templates for YubiHSM2
+# Not used in the current version of the project, but kept for reference
+'''
 from __future__ import absolute_import, division
 
 from math import floor
@@ -9,7 +12,6 @@
 
 from cryptography.hazmat.primitives.asymmetric import (ed25519, rsa)
 
-
 def create_template(ts_public_key: rsa.RSAPublicKey | ed25519.Ed25519PublicKey,
                     key_whitelist: Sequence[int],
                     not_before: int,
@@ -175,3 +177,4 @@ def pack_options(options: Sequence[tuple[str, bytes]]) -> bytes:
     req += pack_bytes(packed_type_and_key)
 
     return req
+'''
diff --git a/run-tests.sh b/run-tests.sh
@@ -7,7 +7,8 @@ trap "rm -rf $TEMPDIR" EXIT
 
 cp hsm-conf.yml $TEMPDIR/
 MOCKDB="$TEMPDIR/mock.pickle"
-CMD="./_venv/bin/hsm-secrets -c $TEMPDIR/hsm-conf.yml --mock $MOCKDB"
+#CMD="./_venv/bin/hsm-secrets -c $TEMPDIR/hsm-conf.yml --mock $MOCKDB"
+CMD="./_venv/bin/coverage run --parallel-mode --source=hsm_secrets ./_venv/bin/hsm-secrets -c $TEMPDIR/hsm-conf.yml --mock $MOCKDB"
 
 
 # Helpers for `expect` calls:
@@ -81,7 +82,7 @@ EOF
 
 test_pytest() {
     ./_venv/bin/pip install pytest
-    ./_venv/bin/pytest -v hsm_secrets
+    ./_venv/bin/pytest --cov=hsm_secrets --cov-append --cov-report='' -v hsm_secrets
 }
 
 test_fresh_device() {
@@ -445,6 +446,10 @@ run_test() {
     rm -f $MOCKDB
 }
 
+# Reset previous coverage files before accumulating new data
+./_venv/bin/pip install coverage pytest-cov
+rm -f .coverage .coverage.*
+
 echo "Running tests:"
 run_test test_pytest
 run_test test_fresh_device
@@ -460,4 +465,13 @@ run_test test_piv_user_certificate_csr
 run_test test_piv_dc_certificate
 run_test test_logging_commands
 
-echo "All tests passed successfully!"
+echo "---"
+
+echo "Running coverage report:"
+./_venv/bin/coverage combine --append
+./_venv/bin/coverage report
+./_venv/bin/coverage html
+./_venv/bin/coverage xml
+
+echo "---"
+echo "OK. All tests passed successfully!"