istio

client_test.go
107 строк · 3.1 Кб
Перенос по словам
1
// Copyright Istio Authors
2
//
3
// Licensed under the Apache License, Version 2.0 (the "License");
4
// you may not use this file except in compliance with the License.
5
// You may obtain a copy of the License at
6
//
7
//     http://www.apache.org/licenses/LICENSE-2.0
8
//
9
// Unless required by applicable law or agreed to in writing, software
10
// distributed under the License is distributed on an "AS IS" BASIS,
11
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
// See the License for the specific language governing permissions and
13
// limitations under the License.
14

15
package caclient
16

17
import (
18
	"fmt"
19
	"reflect"
20
	"testing"
21

22
	"istio.io/istio/security/pkg/nodeagent/caclient/providers/google/mock"
23
)
24

25
const mockServerAddress = "localhost:0"
26

27
var fakeCert = []string{"foo", "bar"}
28

29
func TestGoogleCAClient(t *testing.T) {
30
	t.Setenv("GKE_CLUSTER_URL", "https://container.googleapis.com/v1/projects/testproj/locations/us-central1-c/clusters/cluster1")
31

32
	testCases := map[string]struct {
33
		service      mock.CAService
34
		expectedCert []string
35
		expectedErr  string
36
	}{
37
		"Valid certs": {
38
			service:      mock.CAService{Certs: fakeCert, Err: nil},
39
			expectedCert: fakeCert,
40
			expectedErr:  "",
41
		},
42
		"Error in response": {
43
			service:      mock.CAService{Certs: nil, Err: fmt.Errorf("test failure")},
44
			expectedCert: nil,
45
			expectedErr:  "rpc error: code = Unknown desc = test failure",
46
		},
47
		"Empty response": {
48
			service:      mock.CAService{Certs: []string{}, Err: nil},
49
			expectedCert: nil,
50
			expectedErr:  "invalid response cert chain",
51
		},
52
	}
53

54
	for id, tc := range testCases {
55
		// create a local grpc server
56
		s, err := mock.CreateServer(mockServerAddress, &tc.service)
57
		if err != nil {
58
			t.Fatalf("Test case [%s]: failed to create server: %v", id, err)
59
		}
60
		defer s.Stop()
61

62
		cli, err := NewGoogleCAClient(s.Address, false, nil)
63
		if err != nil {
64
			t.Errorf("Test case [%s]: failed to create ca client: %v", id, err)
65
		}
66

67
		resp, err := cli.CSRSign([]byte{0o1}, 1)
68
		if err != nil {
69
			if err.Error() != tc.expectedErr {
70
				t.Errorf("Test case [%s]: error (%s) does not match expected error (%s)", id, err.Error(), tc.expectedErr)
71
			}
72
		} else {
73
			if tc.expectedErr != "" {
74
				t.Errorf("Test case [%s]: expect error: %s but got no error", id, tc.expectedErr)
75
			} else if !reflect.DeepEqual(resp, tc.expectedCert) {
76
				t.Errorf("Test case [%s]: resp: got %+v, expected %v", id, resp, tc.expectedCert)
77
			}
78
		}
79
	}
80
}
81

82
func TestParseZone(t *testing.T) {
83
	testCases := map[string]struct {
84
		clusterURL   string
85
		expectedZone string
86
	}{
87
		"Valid URL": {
88
			clusterURL:   "https://container.googleapis.com/v1/projects/testproj1/locations/us-central1-c/clusters/c1",
89
			expectedZone: "us-central1-c",
90
		},
91
		"Hub URL": {
92
			clusterURL:   "https://gkehub.googleapis.com/projects/testproject1/locations/global/memberships/test01",
93
			expectedZone: "",
94
		},
95
		"InValid response": {
96
			clusterURL:   "aaa",
97
			expectedZone: "",
98
		},
99
	}
100

101
	for id, tc := range testCases {
102
		zone := parseZone(tc.clusterURL)
103
		if zone != tc.expectedZone {
104
			t.Errorf("Test case [%s]: proj: got %+v, expected %v", id, zone, tc.expectedZone)
105
		}
106
	}
107
}
108
istio

Использование cookies
