"google.golang.org/api/option"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/credentials/insecure"
"google.golang.org/grpc/status"
"istio.io/istio/security/pkg/nodeagent/caclient/providers/google-cas/mock"
fakeCertChain = []string{"baz", "bar"}
fakeCaBundle = [][]string{{"bar"}, {"baz", "bar"}}
fakeExpectedRootCaBundle = []string{"bar"}
fakePoolLocator = "projects/test-project/locations/test-location/caPools/test-pool"
badPoolLocator = "bad-pool"
func TestGoogleCASClient(t *testing.T) {
fakeCombinedCert := append([]string{}, fakeCert)
fakeCombinedCert = append(fakeCombinedCert, fakeCertChain...)
testCases := map[string]struct {
service mock.CASService
expectedCertBundle []string
poolLocator: fakePoolLocator,
service: mock.CASService{CertPEM: fakeCert, CertChainPEM: fakeCertChain, CaCertBundle: fakeCaBundle},
expectedCert: fakeCombinedCert,
expectedCertBundle: fakeExpectedRootCaBundle,
poolLocator: badPoolLocator,
service: mock.CASService{CertPEM: fakeCert, CertChainPEM: fakeCertChain, CaCertBundle: fakeCaBundle},
expectedCert: fakeCombinedCert,
expectedCertBundle: fakeExpectedRootCaBundle,
expectedErr: status.Error(codes.InvalidArgument, "malformed ca path"),
for id, tc := range testCases {
s, lis, err := mock.CreateServer(&tc.service)
t.Fatalf("Test case [%s] Mock CAS Server Init: failed to create server: %v", id, err)
cli, err := NewGoogleCASClient(tc.poolLocator,
option.WithoutAuthentication(),
option.WithGRPCDialOption(grpc.WithContextDialer(mock.ContextDialerCreate(lis))),
option.WithGRPCDialOption(grpc.WithTransportCredentials(insecure.NewCredentials())))
t.Errorf("Test case [%s] Client Init: failed to create ca client: %v", id, err)
resp, err := cli.CSRSign([]byte{0o1}, 1)
if err.Error() != tc.expectedErr.Error() {
t.Errorf("Test case [%s] Cert Check: error (%s) does not match expected error (%s)", id, err.Error(), tc.expectedErr.Error())
if tc.expectedErr != nil {
t.Errorf("Test case [%s] Cert Check: expect error: %s but got no error", id, tc.expectedErr.Error())
} else if !reflect.DeepEqual(resp, tc.expectedCert) {
t.Errorf("Test case [%s] Cert Check: resp: got %+v, expected %v", id, resp, tc.expectedCert)
resp, err = cli.GetRootCertBundle()
if err.Error() != tc.expectedErr.Error() {
t.Errorf("Test case [%s] RootCaBundle check: error (%s) does not match expected error (%s)", id, err.Error(), tc.expectedErr.Error())
if tc.expectedErr != nil {
t.Errorf("Test case [%s] RootCaBundle check: expect error: %s but got no error", id, tc.expectedErr.Error())
} else if !reflect.DeepEqual(resp, tc.expectedCertBundle) {
t.Errorf("Test case [%s] RootCaBundle check: resp: got %+v, expected %v", id, resp, tc.expectedCertBundle)