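// Copyright 2017 Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package platform

import (
	"bytes"
	"io/ioutil"
	"strings"
	"testing"
)

// TestNewOnPremClientImpl is a placeholder: its case table is empty, so the
// loop body never runs and the test asserts nothing about the constructor.
// Constructor failures are exercised indirectly by the tests below.
func TestNewOnPremClientImpl(t *testing.T) {
	testCases := map[string]struct{}{}
	for id, c := range testCases {
		t.Log(id, c)
	}
}

// TestOnPremGetServiceIdentity builds a client from a root cert, key and
// cert-chain file and checks the identity returned by GetServiceIdentity,
// or the error text when the chain is malformed or the file is missing.
func TestOnPremGetServiceIdentity(t *testing.T) {
	testCases := map[string]struct {
		rootCert    string
		keyFile     string
		filename    string
		expectedID  string
		expectedErr string
	}{
		"Good cert1": {
			rootCert:   "testdata/cert-root-good.pem",
			keyFile:    "testdata/key-from-root-good.pem",
			filename:   "testdata/cert-chain-good.pem",
			expectedID: "spiffe://cluster.local/ns/default/sa/default",
		},
		"Good cert2": {
			rootCert:   "testdata/cert-root-good.pem",
			keyFile:    "testdata/key-from-root-good.pem",
			filename:   "testdata/cert-chain-good2.pem",
			expectedID: "spiffe://cluster.local/ns/default/sa/default",
		},
		"Bad cert format": {
			rootCert:    "testdata/cert-root-good.pem",
			keyFile:     "testdata/key-from-root-good.pem",
			filename:    "testdata/cert-chain-bad1.pem",
			expectedErr: "invalid PEM encoded certificate",
		},
		"Wrong file": {
			rootCert:    "testdata/cert-root-good.pem",
			keyFile:     "testdata/key-from-root-good.pem",
			filename:    "testdata/cert-chain-bad2.pem",
			expectedErr: "testdata/cert-chain-bad2.pem: no such file or directory",
		},
	}

	for id, c := range testCases {
		var identity string
		// The expected error may come from either the constructor or the
		// identity lookup, so both are funnelled into the same err.
		onprem, err := NewOnPremClientImpl(c.rootCert, c.keyFile, c.filename)
		if err == nil {
			identity, err = onprem.GetServiceIdentity()
		}
		if c.expectedErr != "" {
			if err == nil {
				t.Errorf("%v: no error is returned, want %v", id, c.expectedErr)
			} else if !strings.Contains(err.Error(), c.expectedErr) {
				t.Errorf("%v: unexpected error got %v want contains %v", id, err, c.expectedErr)
			}
			continue
		}
		if err != nil {
			// Comparing the identity after a failure would only add a
			// second, misleading message for the same case.
			t.Errorf("%v got error %v, want no error", id, err)
			continue
		}
		if identity != c.expectedID {
			t.Errorf("%s: GetServiceIdentity returns identity: %s. It should be %s.", id, identity, c.expectedID)
		}
	}
}

// TestGetTLSCredentials checks that GetDialOptions succeeds with a complete
// set of credential files and that a missing key or root cert file surfaces
// as an error naming that file.
func TestGetTLSCredentials(t *testing.T) {
	testCases := map[string]struct {
		rootCertFile  string
		certChainFile string
		keyFile       string
		expectedErr   string
	}{
		"Good cert": {
			rootCertFile:  "testdata/cert-root-good.pem",
			certChainFile: "testdata/cert-from-root-good.pem",
			keyFile:       "testdata/key-from-root-good.pem",
			expectedErr:   "",
		},
		// NOTE(review): the cert chain path below ("...-goo.pem") differs from
		// the one used by the other cases, while the expected error names only
		// the key file - confirm which file is meant to be missing.
		"Loading failure": {
			rootCertFile:  "testdata/cert-root-good.pem",
			certChainFile: "testdata/cert-from-root-goo.pem",
			keyFile:       "testdata/key-from-root-not-exist.pem",
			expectedErr:   "testdata/key-from-root-not-exist.pem: no such file or directory",
		},
		"Loading root cert failure": {
			rootCertFile:  "testdata/cert-root-not-exist.pem",
			certChainFile: "testdata/cert-from-root-good.pem",
			keyFile:       "testdata/key-from-root-good.pem",
			expectedErr:   "testdata/cert-root-not-exist.pem: no such file or directory",
		},
	}

	for id, c := range testCases {
		onprem, err := NewOnPremClientImpl(c.rootCertFile, c.keyFile, c.certChainFile)
		if err == nil {
			_, err = onprem.GetDialOptions()
		}
		if c.expectedErr == "" && err != nil {
			t.Errorf("%v got error %v, want no error", id, err)
		}
		if c.expectedErr != "" {
			if err == nil {
				t.Errorf("%v: no error is returned, want %v", id, c.expectedErr)
			} else if !strings.Contains(err.Error(), c.expectedErr) {
				t.Errorf("%v: unexpected error got %v want contains %v", id, err, c.expectedErr)
			}
		}
	}
}

// TestGetAgentCredential checks that GetAgentCredential returns the exact
// bytes of the configured cert file, and an error when that file is missing.
func TestGetAgentCredential(t *testing.T) {
	certFile := "testdata/cert-chain.pem"
	certBytes, err := ioutil.ReadFile(certFile)
	if err != nil {
		// Report the cause so a missing or unreadable fixture is easy to tell apart.
		t.Fatalf("unable to read file %s: %v", certFile, err)
	}

	testCases := map[string]struct {
		rootCertFile  string
		keyFile       string
		filename      string
		expectedBytes []byte
		expectedErr   string
	}{
		"Existing cert": {
			rootCertFile:  "testdata/cert-root-good.pem",
			keyFile:       "testdata/key-from-root-good.pem",
			filename:      certFile,
			expectedBytes: certBytes,
			expectedErr:   "",
		},
		"Missing cert": {
			rootCertFile:  "testdata/cert-root-good.pem",
			keyFile:       "testdata/key-from-root-good.pem",
			filename:      "testdata/fake-cert.pem",
			expectedBytes: nil,
			expectedErr:   "testdata/fake-cert.pem: no such file or directory",
		},
	}

	for id, c := range testCases {
		onprem, err := NewOnPremClientImpl(c.rootCertFile, c.keyFile, c.filename)
		var cred []byte
		if err == nil {
			cred, err = onprem.GetAgentCredential()
		}
		if c.expectedErr == "" && err != nil {
			t.Errorf("%v got error %v, want no error", id, err)
		}
		if c.expectedErr != "" {
			if err == nil {
				t.Errorf("%v: no error is returned, want %v", id, c.expectedErr)
			} else if !strings.Contains(err.Error(), c.expectedErr) {
				t.Errorf("%v: unexpected error got %v want contains %v", id, err, c.expectedErr)
			}
			continue
		}
		if !bytes.Equal(cred, c.expectedBytes) {
			t.Errorf("%s: GetAgentCredential returns bytes: %s. It should be %s.", id, cred, c.expectedBytes)
		}
	}
}

// TestOnpremIsProperPlatform checks that a client built from valid
// credential files reports itself as running on the proper platform.
func TestOnpremIsProperPlatform(t *testing.T) {
	onprem, err := NewOnPremClientImpl(
		"testdata/cert-root-good.pem", "testdata/key-from-root-good.pem", "testdata/cert-from-root-good.pem")
	if err != nil {
		// Stop here: the client is not usable after a constructor error, and
		// calling a method on it would hide the real failure.
		t.Fatalf("failed to create OnPrem client %v", err)
	}
	if ok := onprem.IsProperPlatform(); !ok {
		t.Errorf("Unexpected response: %v.", ok)
	}
}

// TestOnpremGetCredentialType checks that the on-prem client reports the
// credential type "onprem".
func TestOnpremGetCredentialType(t *testing.T) {
	onprem, err := NewOnPremClientImpl(
		"testdata/cert-root-good.pem", "testdata/key-from-root-good.pem", "testdata/cert-from-root-good.pem")
	if err != nil {
		// Stop here: the client is not usable after a constructor error.
		t.Fatalf("failed to create onprem client %v", err)
	}
	if credentialType := onprem.GetCredentialType(); credentialType != "onprem" {
		t.Errorf("Unexpected credential type: %v.", credentialType)
	}
}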