Merge pull request #1595 from RedisInsight/be/feature/RI-3974_ssh_tunnel

#RI-3974 UTests

Author: arthosofteq

.circleci/config.yml

@@ -88,6 +88,7 @@ aliases:
     - mods-preview        # OSS Standalone and all preview modules
     - oss-st-6-tls        # OSS Standalone v6 with TLS enabled
     - oss-st-6-tls-auth   # OSS Standalone v6 with TLS auth required
+    - oss-st-6-tls-auth-ssh   # OSS Standalone v6 with TLS auth required through ssh
     - oss-clu             # OSS Cluster
     - oss-clu-tls         # OSS Cluster with TLS enabled
     - oss-sent            # OSS Sentinel

redisinsight/api/config/default.ts

@@ -55,7 +55,7 @@ export default {
     staticContent: !!process.env.SERVER_STATIC_CONTENT || false,
     buildType: process.env.BUILD_TYPE || 'ELECTRON',
     appVersion: process.env.APP_VERSION || '2.0.0',
-    requestTimeout: parseInt(process.env.REQUEST_TIMEOUT, 10) || 10000,
+    requestTimeout: parseInt(process.env.REQUEST_TIMEOUT, 10) || 25000,
     excludeRoutes: [],
     excludeAuthRoutes: [],
   },

redisinsight/api/src/__mocks__/common.ts

@@ -54,6 +54,7 @@ export const mockRepository = jest.fn(() => ({
   findOneBy: jest.fn(),
   find: jest.fn(),
   findByIds: jest.fn(),
+  merge: jest.fn(),
   create: jest.fn(),
   save: jest.fn(),
   insert: jest.fn(),

redisinsight/api/src/__mocks__/databases.ts

@@ -9,6 +9,12 @@ import { pick } from 'lodash';
 import { RedisDatabaseInfoResponse } from 'src/modules/database/dto/redis-info.dto';
 import { DatabaseOverview } from 'src/modules/database/models/database-overview';
 import { ClientContext, ClientMetadata } from 'src/common/models';
+import {
+  mockSshOptionsBasic,
+  mockSshOptionsBasicEntity,
+  mockSshOptionsPrivateKey,
+  mockSshOptionsPrivateKeyEntity,
+} from 'src/__mocks__/ssh';
 
 export const mockDatabaseId = 'a77b23c1-7816-4ea4-b61f-d37795a0f805-db-id';
 
@@ -34,6 +40,29 @@ export const mockDatabaseEntity = Object.assign(new DatabaseEntity(), {
   encryption: null,
 });
 
+export const mockDatabaseWithSshBasic = Object.assign(new Database(), {
+  ...mockDatabase,
+  ssh: true,
+  sshOptions: mockSshOptionsBasic,
+});
+
+export const mockDatabaseWithSshBasicEntity = Object.assign(new DatabaseEntity(), {
+  ...mockDatabaseWithSshBasic,
+  encryption: null,
+  sshOptions: mockSshOptionsBasicEntity,
+});
+
+export const mockDatabaseWithSshPrivateKey = Object.assign(new Database(), {
+  ...mockDatabase,
+  ssh: true,
+  sshOptions: mockSshOptionsPrivateKey,
+});
+
+export const mockDatabaseWithSshPrivateKeyEntity = Object.assign(new DatabaseEntity(), {
+  ...mockDatabaseWithSshPrivateKey,
+  sshOptions: mockSshOptionsPrivateKeyEntity,
+});
+
 export const mockDatabaseWithAuth = Object.assign(new Database(), {
   ...mockDatabase,
   username: 'some username',
@@ -181,6 +210,7 @@ export const mockDatabaseService = jest.fn(() => ({
 
 export const mockDatabaseConnectionService = jest.fn(() => ({
   getOrCreateClient: jest.fn().mockResolvedValue(mockIORedisClient),
+  createClient: jest.fn().mockResolvedValue(mockIORedisClient),
 }));
 
 export const mockDatabaseInfoProvider = jest.fn(() => ({

redisinsight/api/src/__mocks__/index.ts

@@ -18,3 +18,4 @@ export * from './redis-enterprise';
 export * from './redis-sentinel';
 export * from './database-import';
 export * from './redis-client';
+export * from './ssh';

redisinsight/api/src/__mocks__/ssh.ts

@@ -0,0 +1,49 @@
+import { EncryptionStrategy } from 'src/modules/encryption/models';
+import { SshOptions } from 'src/modules/ssh/models/ssh-options';
+import { SshOptionsEntity } from 'src/modules/ssh/entities/ssh-options.entity';
+
+export const mockSshOptionsId = 'a77b23c1-7816-4ea4-b61f-d37795a0f805-ssh-id';
+
+export const mockSshOptionsUsernamePlain = 'ssh-username';
+export const mockSshOptionsUsernameEncrypted = 'ssh.username.ENCRYPTED';
+export const mockSshOptionsPasswordPlain = 'ssh-password';
+export const mockSshOptionsPasswordEncrypted = 'ssh.password.ENCRYPTED';
+export const mockSshOptionsPrivateKeyPlain = '-----BEGIN OPENSSH PRIVATE KEY-----\nssh-private-key';
+export const mockSshOptionsPrivateKeyEncrypted = 'ssh.privateKey.ENCRYPTED';
+export const mockSshOptionsPassphrasePlain = 'ssh-passphrase';
+export const mockSshOptionsPassphraseEncrypted = 'ssh.passphrase.ENCRYPTED';
+
+export const mockSshOptionsBasic = Object.assign(new SshOptions(), {
+  id: mockSshOptionsId,
+  host: 'ssh.host.test',
+  port: 22,
+  username: mockSshOptionsUsernamePlain,
+  password: mockSshOptionsPasswordPlain,
+  privateKey: null,
+  passphrase: null,
+});
+
+export const mockSshOptionsBasicEntity = Object.assign(new SshOptionsEntity(), {
+  ...mockSshOptionsBasic,
+  username: mockSshOptionsUsernameEncrypted,
+  password: mockSshOptionsPasswordEncrypted,
+  encryption: EncryptionStrategy.KEYTAR,
+});
+
+export const mockSshOptionsPrivateKey = Object.assign(new SshOptions(), {
+  ...mockSshOptionsBasic,
+  password: null,
+  privateKey: mockSshOptionsPrivateKeyPlain,
+  passphrase: mockSshOptionsPassphrasePlain,
+});
+
+export const mockSshOptionsPrivateKeyEntity = Object.assign(new SshOptionsEntity(), {
+  ...mockSshOptionsBasicEntity,
+  password: null,
+  privateKey: mockSshOptionsPrivateKeyEncrypted,
+  passphrase: mockSshOptionsPassphraseEncrypted,
+});
+
+export const mockSshTunnelProvider = jest.fn(() => {
+
+});

redisinsight/api/src/modules/database/database.analytics.spec.ts

@@ -79,8 +79,11 @@ describe('DatabaseAnalytics', () => {
   });
 
   describe('sendInstanceAddedEvent', () => {
-    it('should emit event with enabled tls and sni', () => {
-      service.sendInstanceAddedEvent(mockDatabaseWithTlsAuth, mockRedisGeneralInfo);
+    it('should emit event with enabled tls and sni, and ssh', () => {
+      service.sendInstanceAddedEvent({
+        ...mockDatabaseWithTlsAuth,
+        ssh: true,
+      }, mockRedisGeneralInfo);
 
       expect(sendEventSpy).toHaveBeenCalledWith(
         TelemetryEvents.RedisInstanceAdded,
@@ -92,6 +95,7 @@ describe('DatabaseAnalytics', () => {
           verifyTLSCertificate: 'enabled',
           useTLSAuthClients: 'enabled',
           useSNI: 'enabled',
+          useSSH: 'enabled',
           version: mockRedisGeneralInfo.version,
           numberOfKeys: mockRedisGeneralInfo.totalKeys,
           numberOfKeysRange: '0 - 500 000',
@@ -119,6 +123,7 @@ describe('DatabaseAnalytics', () => {
           verifyTLSCertificate: 'disabled',
           useTLSAuthClients: 'disabled',
           useSNI: 'disabled',
+          useSSH: 'disabled',
           version: mockRedisGeneralInfo.version,
           numberOfKeys: mockRedisGeneralInfo.totalKeys,
           numberOfKeysRange: '0 - 500 000',
@@ -148,6 +153,7 @@ describe('DatabaseAnalytics', () => {
           verifyTLSCertificate: 'enabled',
           useTLSAuthClients: 'enabled',
           useSNI: 'enabled',
+          useSSH: 'disabled',
           version: mockRedisGeneralInfo.version,
           numberOfKeys: undefined,
           numberOfKeysRange: undefined,

redisinsight/api/src/modules/database/database.analytics.ts

@@ -60,6 +60,7 @@ export class DatabaseAnalytics extends TelemetryBaseService {
           useSNI: instance?.tlsServername
             ? 'enabled'
             : 'disabled',
+          useSSH: instance?.ssh ? 'enabled' : 'disabled',
           version: additionalInfo?.version,
           numberOfKeys: additionalInfo?.totalKeys,
           numberOfKeysRange: getRangeForNumber(additionalInfo?.totalKeys, TOTAL_KEYS_BREAKPOINTS),

redisinsight/api/src/modules/database/repositories/local.database.repository.spec.ts

@@ -5,19 +5,37 @@ import { getRepositoryToken } from '@nestjs/typeorm';
 import { Repository } from 'typeorm';
 import {
   mockCaCertificateRepository,
-  mockClientCertificateRepository, mockClusterDatabaseWithTlsAuth, mockClusterDatabaseWithTlsAuthEntity,
+  mockClientCertificateRepository,
+  mockClusterDatabaseWithTlsAuth,
+  mockClusterDatabaseWithTlsAuthEntity,
   mockDatabase,
   mockDatabaseEntity,
   mockDatabaseId,
   mockDatabasePasswordEncrypted,
   mockDatabasePasswordPlain,
   mockDatabaseSentinelMasterPasswordEncrypted,
   mockDatabaseSentinelMasterPasswordPlain,
-  mockDatabaseWithTls, mockDatabaseWithTlsAuth,
+  mockDatabaseWithSshBasic,
+  mockDatabaseWithSshBasicEntity,
+  mockDatabaseWithSshPrivateKey,
+  mockDatabaseWithSshPrivateKeyEntity,
+  mockDatabaseWithTls,
+  mockDatabaseWithTlsAuth,
   mockDatabaseWithTlsAuthEntity,
   mockDatabaseWithTlsEntity,
   mockEncryptionService,
-  mockRepository, mockSentinelDatabaseWithTlsAuth, mockSentinelDatabaseWithTlsAuthEntity,
+  mockRepository,
+  mockSentinelDatabaseWithTlsAuth,
+  mockSentinelDatabaseWithTlsAuthEntity,
+  mockSshOptionsBasicEntity,
+  mockSshOptionsPassphraseEncrypted,
+  mockSshOptionsPassphrasePlain,
+  mockSshOptionsPasswordEncrypted,
+  mockSshOptionsPasswordPlain,
+  mockSshOptionsPrivateKeyEncrypted, mockSshOptionsPrivateKeyEntity,
+  mockSshOptionsPrivateKeyPlain,
+  mockSshOptionsUsernameEncrypted,
+  mockSshOptionsUsernamePlain,
   MockType,
 } from 'src/__mocks__';
 import { EncryptionService } from 'src/modules/encryption/encryption.service';
@@ -26,6 +44,7 @@ import { DatabaseEntity } from 'src/modules/database/entities/database.entity';
 import { CaCertificateRepository } from 'src/modules/certificate/repositories/ca-certificate.repository';
 import { ClientCertificateRepository } from 'src/modules/certificate/repositories/client-certificate.repository';
 import { cloneClassInstance } from 'src/utils';
+import { SshOptionsEntity } from 'src/modules/ssh/entities/ssh-options.entity';
 
 const listFields = [
   'id', 'name', 'host', 'port', 'db',
@@ -36,6 +55,7 @@ describe('LocalDatabaseRepository', () => {
   let service: LocalDatabaseRepository;
   let encryptionService: MockType<EncryptionService>;
   let repository: MockType<Repository<DatabaseEntity>>;
+  let sshOptionsRepository: MockType<Repository<SshOptionsEntity>>;
   let caCertRepository: MockType<CaCertificateRepository>;
   let clientCertRepository: MockType<ClientCertificateRepository>;
 
@@ -49,6 +69,10 @@ describe('LocalDatabaseRepository', () => {
           provide: getRepositoryToken(DatabaseEntity),
           useFactory: mockRepository,
         },
+        {
+          provide: getRepositoryToken(SshOptionsEntity),
+          useFactory: mockRepository,
+        },
         {
           provide: EncryptionService,
           useFactory: mockEncryptionService,
@@ -65,6 +89,7 @@ describe('LocalDatabaseRepository', () => {
     }).compile();
 
     repository = await module.get(getRepositoryToken(DatabaseEntity));
+    sshOptionsRepository = await module.get(getRepositoryToken(SshOptionsEntity));
     caCertRepository = await module.get(CaCertificateRepository);
     clientCertRepository = await module.get(ClientCertificateRepository);
     encryptionService = await module.get(EncryptionService);
@@ -83,7 +108,15 @@ describe('LocalDatabaseRepository', () => {
       .calledWith(mockDatabasePasswordEncrypted, jasmine.anything())
       .mockResolvedValue(mockDatabasePasswordPlain)
       .calledWith(mockDatabaseSentinelMasterPasswordEncrypted, jasmine.anything())
-      .mockResolvedValue(mockDatabaseSentinelMasterPasswordPlain);
+      .mockResolvedValue(mockDatabaseSentinelMasterPasswordPlain)
+      .calledWith(mockSshOptionsUsernameEncrypted, jasmine.anything())
+      .mockResolvedValue(mockSshOptionsUsernamePlain)
+      .calledWith(mockSshOptionsPasswordEncrypted, jasmine.anything())
+      .mockResolvedValue(mockSshOptionsPasswordPlain)
+      .calledWith(mockSshOptionsPrivateKeyEncrypted, jasmine.anything())
+      .mockResolvedValue(mockSshOptionsPrivateKeyPlain)
+      .calledWith(mockSshOptionsPassphraseEncrypted, jasmine.anything())
+      .mockResolvedValue(mockSshOptionsPassphrasePlain);
     when(encryptionService.encrypt)
       .calledWith(mockDatabasePasswordPlain)
       .mockResolvedValue({
@@ -94,6 +127,26 @@ describe('LocalDatabaseRepository', () => {
       .mockResolvedValue({
         data: mockDatabaseSentinelMasterPasswordEncrypted,
         encryption: mockDatabaseWithTlsAuthEntity.encryption,
+      })
+      .calledWith(mockSshOptionsUsernamePlain)
+      .mockResolvedValue({
+        data: mockSshOptionsUsernameEncrypted,
+        encryption: mockSshOptionsBasicEntity.encryption,
+      })
+      .calledWith(mockSshOptionsPasswordPlain)
+      .mockResolvedValue({
+        data: mockSshOptionsPasswordEncrypted,
+        encryption: mockSshOptionsBasicEntity.encryption,
+      })
+      .calledWith(mockSshOptionsPrivateKeyPlain)
+      .mockResolvedValue({
+        data: mockSshOptionsPrivateKeyEncrypted,
+        encryption: mockSshOptionsPrivateKeyEntity.encryption,
+      })
+      .calledWith(mockSshOptionsPassphrasePlain)
+      .mockResolvedValue({
+        data: mockSshOptionsPassphraseEncrypted,
+        encryption: mockSshOptionsPrivateKeyEntity.encryption,
       });
   });
 
@@ -117,6 +170,24 @@ describe('LocalDatabaseRepository', () => {
       expect(clientCertRepository.get).not.toHaveBeenCalled();
     });
 
+    it('should return standalone database model with ssh enabled (basic)', async () => {
+      repository.findOneBy.mockResolvedValue(mockDatabaseWithSshBasicEntity);
+      const result = await service.get(mockDatabaseWithSshBasic.id);
+
+      expect(result).toEqual(mockDatabaseWithSshBasic);
+      expect(caCertRepository.get).not.toHaveBeenCalled();
+      expect(clientCertRepository.get).not.toHaveBeenCalled();
+    });
+
+    it('should return standalone database model with ssh enabled (privateKey + passphrase)', async () => {
+      repository.findOneBy.mockResolvedValue(mockDatabaseWithSshPrivateKeyEntity);
+      const result = await service.get(mockDatabaseWithSshPrivateKey.id);
+
+      expect(result).toEqual(mockDatabaseWithSshPrivateKey);
+      expect(caCertRepository.get).not.toHaveBeenCalled();
+      expect(clientCertRepository.get).not.toHaveBeenCalled();
+    });
+
     it('should return standalone model with ca tls', async () => {
       repository.findOneBy.mockResolvedValue(mockDatabaseWithTlsEntity);
 
@@ -201,14 +272,51 @@ describe('LocalDatabaseRepository', () => {
 
   describe('update', () => {
     it('should update standalone database', async () => {
-      const result = await service.update(mockDatabaseId, mockDatabase);
+      repository.merge.mockReturnValue(mockDatabaseEntity);
 
-      expect(result).toEqual(mockDatabase);
+      const result = await service.update(mockDatabaseId, {
+        ...mockDatabase,
+        caCert: null,
+        clientCert: null,
+        sshOptions: null,
+      });
+
+      expect(result).toEqual({
+        ...mockDatabase,
+        caCert: null,
+        clientCert: null,
+        sshOptions: null,
+      });
+      expect(caCertRepository.create).not.toHaveBeenCalled();
+      expect(clientCertRepository.create).not.toHaveBeenCalled();
+      expect(sshOptionsRepository.createQueryBuilder).toHaveBeenCalled();
+    });
+
+    it('should update standalone database with ssh enabled (basic)', async () => {
+      repository.findOneBy.mockResolvedValue(mockDatabaseWithSshBasicEntity);
+      repository.merge.mockReturnValue(mockDatabaseWithSshBasic);
+
+      const result = await service.update(mockDatabaseId, mockDatabaseWithSshBasic);
+
+      expect(result).toEqual(mockDatabaseWithSshBasic);
+      expect(caCertRepository.create).not.toHaveBeenCalled();
+      expect(clientCertRepository.create).not.toHaveBeenCalled();
+    });
+
+    it('should update standalone database with ssh enabled (privateKey)', async () => {
+      repository.findOneBy.mockResolvedValue(mockDatabaseWithSshPrivateKeyEntity);
+      repository.merge.mockReturnValue(mockDatabaseWithSshPrivateKey);
+
+      const result = await service.update(mockDatabaseId, mockDatabaseWithSshPrivateKey);
+
+      expect(result).toEqual(mockDatabaseWithSshPrivateKey);
       expect(caCertRepository.create).not.toHaveBeenCalled();
       expect(clientCertRepository.create).not.toHaveBeenCalled();
     });
 
     it('should update standalone database (with existing certificates)', async () => {
+      repository.merge.mockReturnValue(mockDatabaseWithTlsAuth);
+      repository.findOneBy.mockResolvedValueOnce(mockDatabaseWithTlsAuthEntity);
       repository.findOneBy.mockResolvedValueOnce(mockDatabaseWithTlsAuthEntity);
 
       const result = await service.update(mockDatabaseId, mockDatabaseWithTlsAuth);
@@ -219,6 +327,8 @@ describe('LocalDatabaseRepository', () => {
     });
 
     it('should update standalone database (and certificates)', async () => {
+      repository.merge.mockReturnValue(mockDatabaseWithTlsAuth);
+      repository.findOneBy.mockResolvedValueOnce(mockDatabaseWithTlsAuthEntity);
       repository.findOneBy.mockResolvedValueOnce(mockDatabaseWithTlsAuthEntity);
 
       const result = await service.update(