6
. "github.com/onsi/ginkgo/v2"
7
. "github.com/onsi/gomega"
9
"github.com/kumahq/kuma/pkg/config/plugins/resources/postgres"
10
config_types "github.com/kumahq/kuma/pkg/config/types"
13
var _ = Describe("TLSPostgresStoreConfig", func() {
14
type testCase struct {
15
config postgres.TLSPostgresStoreConfig
18
DescribeTable("should validate invalid config",
19
func(given testCase) {
21
err := given.config.Validate()
24
Expect(err).To(MatchError(given.error))
26
Entry("VerifyCA without CAPath", testCase{
27
config: postgres.TLSPostgresStoreConfig{
28
Mode: postgres.VerifyCa,
32
error: "CAPath cannot be empty",
34
Entry("VerifyFull without CAPath", testCase{
35
config: postgres.TLSPostgresStoreConfig{
36
Mode: postgres.VerifyFull,
40
error: "CAPath cannot be empty",
42
Entry("CertPath without KeyPath", testCase{
43
config: postgres.TLSPostgresStoreConfig{
44
Mode: postgres.VerifyNone,
48
error: "KeyPath cannot be empty when CertPath is provided",
50
Entry("KeyPath without CertPath", testCase{
51
config: postgres.TLSPostgresStoreConfig{
52
Mode: postgres.VerifyNone,
56
error: "CertPath cannot be empty when KeyPath is provided",
60
DescribeTable("should validate valid config",
61
func(cfg postgres.TLSPostgresStoreConfig) {
62
Expect(cfg.Validate()).To(Succeed())
64
Entry("mode Disable", postgres.TLSPostgresStoreConfig{
65
Mode: postgres.Disable,
67
Entry("mode VerifyNone", postgres.TLSPostgresStoreConfig{
68
Mode: postgres.VerifyNone,
72
Entry("mode VerifyCA", postgres.TLSPostgresStoreConfig{
73
Mode: postgres.VerifyCa,
78
Entry("mode VerifyFull", postgres.TLSPostgresStoreConfig{
79
Mode: postgres.VerifyFull,
84
Entry("mode VerifyFull without sslsni", postgres.TLSPostgresStoreConfig{
85
Mode: postgres.VerifyFull,
94
var _ = Describe("PostgresStoreConfig", func() {
95
type stringTestCase struct {
96
given postgres.PostgresStoreConfig
99
DescribeTable("converts to Postgres connection string",
100
func(testCase stringTestCase) {
102
str, err := testCase.given.ConnectionString()
103
Expect(err).ToNot(HaveOccurred())
106
Expect(str).To(Equal(testCase.expected))
108
Entry("basic config", stringTestCase{
109
given: postgres.PostgresStoreConfig{
112
Password: `postgres`,
114
TLS: postgres.TLSPostgresStoreConfig{
115
Mode: postgres.VerifyFull,
120
MinReconnectInterval: config_types.Duration{Duration: 10 * time.Second},
121
MaxReconnectInterval: config_types.Duration{Duration: 10 * time.Second},
123
expected: `host='localhost' port=0 user='postgres' password='postgres' dbname='kuma' connect_timeout=0 sslmode=verify-full sslcert='/path' sslkey='/path' sslrootcert='/path'`,
125
Entry("password needing escape without sslsni", stringTestCase{
126
given: postgres.PostgresStoreConfig{
131
TLS: postgres.TLSPostgresStoreConfig{
132
Mode: postgres.VerifyFull,
138
MinReconnectInterval: config_types.Duration{Duration: 10 * time.Second},
139
MaxReconnectInterval: config_types.Duration{Duration: 10 * time.Second},
141
expected: `host='localhost' port=0 user='postgres' password='\'\\' dbname='kuma' connect_timeout=0 sslmode=verify-full sslcert='/path' sslkey='/path' sslrootcert='/path' sslsni=0`,
144
type validateTestCase struct {
145
config postgres.PostgresStoreConfig
148
DescribeTable("should validate invalid config",
149
func(given validateTestCase) {
151
err := given.config.Validate()
154
Expect(err).To(MatchError(given.error))
156
Entry("MinReconnectInterval is equal to MaxReconnectInterval", validateTestCase{
157
config: postgres.PostgresStoreConfig{
160
Password: "postgres",
162
TLS: postgres.TLSPostgresStoreConfig{
163
Mode: postgres.VerifyFull,
168
MinReconnectInterval: config_types.Duration{Duration: 10 * time.Second},
169
MaxReconnectInterval: config_types.Duration{Duration: 10 * time.Second},
171
error: "MinReconnectInterval should be less than MaxReconnectInterval",
173
Entry("MinReconnectInterval is greater than MaxReconnectInterval", validateTestCase{
174
config: postgres.PostgresStoreConfig{
177
Password: "postgres",
179
TLS: postgres.TLSPostgresStoreConfig{
180
Mode: postgres.VerifyFull,
185
MinReconnectInterval: config_types.Duration{Duration: 10 * time.Second},
186
MaxReconnectInterval: config_types.Duration{Duration: 1 * time.Second},
188
error: "MinReconnectInterval should be less than MaxReconnectInterval",
190
Entry("MinOpenConnections is greater than MaxOpenConnections", validateTestCase{
191
config: postgres.PostgresStoreConfig{
194
Password: "postgres",
196
TLS: postgres.DefaultTLSPostgresStoreConfig(),
197
MinReconnectInterval: config_types.Duration{Duration: 1 * time.Second},
198
MaxReconnectInterval: config_types.Duration{Duration: 10 * time.Second},
199
MinOpenConnections: 5,
200
MaxOpenConnections: 1,
202
error: "MinOpenConnections should be less than MaxOpenConnections",
204
Entry("MinOpenConnections should be greater than 0", validateTestCase{
205
config: postgres.PostgresStoreConfig{
208
Password: "postgres",
210
TLS: postgres.DefaultTLSPostgresStoreConfig(),
211
MinReconnectInterval: config_types.Duration{Duration: 1 * time.Second},
212
MaxReconnectInterval: config_types.Duration{Duration: 10 * time.Second},
213
MinOpenConnections: -1,
215
error: "MinOpenConnections should be greater than 0",
217
Entry("MaxConnectionLifetime should be greater than 0", validateTestCase{
218
config: postgres.PostgresStoreConfig{
221
Password: "postgres",
223
TLS: postgres.DefaultTLSPostgresStoreConfig(),
224
MinReconnectInterval: config_types.Duration{Duration: 1 * time.Second},
225
MaxReconnectInterval: config_types.Duration{Duration: 10 * time.Second},
226
HealthCheckInterval: config_types.Duration{Duration: -1 * time.Second},
228
error: "HealthCheckInterval should be greater than 0",