1// Copyright 2017 Istio Authors
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15package platform
16
17import (
18	"bytes"
19	"io/ioutil"
20	"strings"
21	"testing"
22)
23
// TestNewOnPremClientImpl is a placeholder: its case table is empty, so the
// loop body never runs and NewOnPremClientImpl is not exercised by this test.
// The constructor is only covered indirectly by the other tests in this file.
func TestNewOnPremClientImpl(t *testing.T) {
	cases := make(map[string]struct{})
	for name, tc := range cases {
		t.Log(name, tc)
	}
}
31
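// TestOnPremGetServiceIdentity checks that the on-prem client reports the
// identity expected for each certificate-chain fixture and that a malformed
// or missing chain file is rejected with an error.
//
// The two "Good" cases expect the SPIFFE URI
// spiffe://cluster.local/ns/default/sa/default. The error cases accept the
// failure from either NewOnPremClientImpl or GetServiceIdentity; the test
// does not pin which of the two must reject the input.
func TestOnPremGetServiceIdentity(t *testing.T) {
	testCases := map[string]struct {
		rootCert    string // path to the root certificate fixture
		keyFile     string // path to the private-key fixture
		filename    string // path to the certificate chain under test
		expectedID  string // identity expected on success
		expectedErr string // substring expected in the error; empty means success
	}{
		"Good cert1": {
			rootCert:   "testdata/cert-root-good.pem",
			keyFile:    "testdata/key-from-root-good.pem",
			filename:   "testdata/cert-chain-good.pem",
			expectedID: "spiffe://cluster.local/ns/default/sa/default",
		},
		"Good cert2": {
			rootCert:   "testdata/cert-root-good.pem",
			keyFile:    "testdata/key-from-root-good.pem",
			filename:   "testdata/cert-chain-good2.pem",
			expectedID: "spiffe://cluster.local/ns/default/sa/default",
		},
		"Bad cert format": {
			rootCert:    "testdata/cert-root-good.pem",
			keyFile:     "testdata/key-from-root-good.pem",
			filename:    "testdata/cert-chain-bad1.pem",
			expectedErr: "invalid PEM encoded certificate",
		},
		// NOTE(review): the expected text is the Unix wording of the
		// file-not-found error; confirm before running on other platforms.
		"Wrong file": {
			rootCert:    "testdata/cert-root-good.pem",
			keyFile:     "testdata/key-from-root-good.pem",
			filename:    "testdata/cert-chain-bad2.pem",
			expectedErr: "testdata/cert-chain-bad2.pem: no such file or directory",
		},
	}

	for id, c := range testCases {
		var identity string
		onprem, err := NewOnPremClientImpl(c.rootCert, c.keyFile, c.filename)
		if err == nil {
			identity, err = onprem.GetServiceIdentity()
		}

		if c.expectedErr != "" {
			switch {
			case err == nil:
				t.Errorf("%v: no error is returned, want %v", id, c.expectedErr)
			case !strings.Contains(err.Error(), c.expectedErr):
				t.Errorf("%v: unexpected error got %v want contains %v", id, err, c.expectedErr)
			}
			continue
		}

		if err != nil {
			t.Errorf("%v got error %v, want no error", id, err)
			// The identity is meaningless after a failure; skip the comparison
			// so one fault is not reported twice.
			continue
		}
		if identity != c.expectedID {
			t.Errorf("%s: GetServiceIdentity returns identity: %s. It should be %s.", id, identity, c.expectedID)
		}
	}
}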
88
// TestGetTLSCredentials verifies the error behaviour of building the on-prem
// client and asking it for dial options.
//
// The dial options themselves are discarded, so a passing "Good cert" case
// only shows that no error was returned; it does not inspect the resulting
// TLS configuration.
func TestGetTLSCredentials(t *testing.T) {
	testCases := map[string]struct {
		rootCertFile  string
		certChainFile string
		keyFile       string
		expectedErr   string // substring expected in the error; empty means success
	}{
		"Good cert": {
			rootCertFile:  "testdata/cert-root-good.pem",
			certChainFile: "testdata/cert-from-root-good.pem",
			keyFile:       "testdata/key-from-root-good.pem",
			expectedErr:   "",
		},
		// NOTE(review): the chain path here also differs from the good
		// fixture name, so presumably both files are absent; only the
		// key-file error is asserted.
		"Loading failure": {
			rootCertFile:  "testdata/cert-root-good.pem",
			certChainFile: "testdata/cert-from-root-goo.pem",
			keyFile:       "testdata/key-from-root-not-exist.pem",
			expectedErr:   "testdata/key-from-root-not-exist.pem: no such file or directory",
		},
		"Loading root cert failure": {
			rootCertFile:  "testdata/cert-root-not-exist.pem",
			certChainFile: "testdata/cert-from-root-good.pem",
			keyFile:       "testdata/key-from-root-good.pem",
			expectedErr:   "testdata/cert-root-not-exist.pem: no such file or directory",
		},
	}

	for name, tc := range testCases {
		client, err := NewOnPremClientImpl(tc.rootCertFile, tc.keyFile, tc.certChainFile)
		if err == nil {
			_, err = client.GetDialOptions()
		}

		switch {
		case tc.expectedErr == "":
			if err != nil {
				t.Errorf("%v got error %v, want no error", name, err)
			}
		case err == nil:
			t.Errorf("%v: no error is returned, want %v", name, tc.expectedErr)
		case !strings.Contains(err.Error(), tc.expectedErr):
			t.Errorf("%v: unexpected error got %v want contains %v", name, err, tc.expectedErr)
		}
	}
}
133
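// TestGetAgentCredential checks that GetAgentCredential returns exactly the
// bytes of the certificate file the client was configured with, and that a
// missing certificate file is reported as an error.
func TestGetAgentCredential(t *testing.T) {
	certFile := "testdata/cert-chain.pem"
	certBytes, err := ioutil.ReadFile(certFile)
	if err != nil {
		// Include the cause so a broken fixture is distinguishable from a
		// permissions or working-directory problem.
		t.Fatalf("unable to read file %s: %v", certFile, err)
	}

	testCases := map[string]struct {
		rootCertFile  string
		keyFile       string
		filename      string // certificate file handed to the client
		expectedBytes []byte // credential expected on success
		expectedErr   string // substring expected in the error; empty means success
	}{
		"Existing cert": {
			rootCertFile:  "testdata/cert-root-good.pem",
			keyFile:       "testdata/key-from-root-good.pem",
			filename:      certFile,
			expectedBytes: certBytes,
			expectedErr:   "",
		},
		"Missing cert": {
			rootCertFile:  "testdata/cert-root-good.pem",
			keyFile:       "testdata/key-from-root-good.pem",
			filename:      "testdata/fake-cert.pem",
			expectedBytes: nil,
			expectedErr:   "testdata/fake-cert.pem: no such file or directory",
		},
	}

	for id, c := range testCases {
		var cred []byte
		onprem, err := NewOnPremClientImpl(c.rootCertFile, c.keyFile, c.filename)
		if err == nil {
			cred, err = onprem.GetAgentCredential()
		}

		if c.expectedErr != "" {
			switch {
			case err == nil:
				t.Errorf("%v: no error is returned, want %v", id, c.expectedErr)
			case !strings.Contains(err.Error(), c.expectedErr):
				t.Errorf("%v: unexpected error got %v want contains %v", id, err, c.expectedErr)
			}
			continue
		}

		if err != nil {
			t.Errorf("%v got error %v, want no error", id, err)
			// No credential was produced; skip the byte comparison so the
			// same fault is not reported twice.
			continue
		}
		if !bytes.Equal(cred, c.expectedBytes) {
			t.Errorf("%s: GetAgentCredential returns bytes: %s. It should be %s.", id, cred, c.expectedBytes)
		}
	}
}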
186
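// TestOnpremIsProperPlatform checks that a client built from the good
// fixtures reports IsProperPlatform as true.
func TestOnpremIsProperPlatform(t *testing.T) {
	onprem, err := NewOnPremClientImpl(
		"testdata/cert-root-good.pem", "testdata/key-from-root-good.pem", "testdata/cert-from-root-good.pem")
	if err != nil {
		// Stop here: the client value is not usable after a constructor
		// error, and calling a method on it could panic instead of failing.
		t.Fatalf("failed to create OnPrem client %v", err)
	}
	if ok := onprem.IsProperPlatform(); !ok {
		t.Errorf("Unexpected response: %v.", ok)
	}
}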
198
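// TestOnpremGetCredentialType checks that a client built from the good
// fixtures reports the credential type "onprem".
func TestOnpremGetCredentialType(t *testing.T) {
	onprem, err := NewOnPremClientImpl(
		"testdata/cert-root-good.pem", "testdata/key-from-root-good.pem", "testdata/cert-from-root-good.pem")
	if err != nil {
		// Stop here: the client value is not usable after a constructor
		// error, and calling a method on it could panic instead of failing.
		t.Fatalf("failed to create onprem client %v", err)
	}
	if credentialType := onprem.GetCredentialType(); credentialType != "onprem" {
		t.Errorf("Unexpected credential type: %v.", credentialType)
	}
}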
210