connection_test.go 
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.

package client_test

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"testing"

	"github.com/stretchr/testify/assert"

	"github.com/siderolabs/talos/pkg/machinery/client"
	clientconfig "github.com/siderolabs/talos/pkg/machinery/client/config"
)

// TestReduceURLsToAddresses feeds a mixed list of endpoint spellings to
// client.ReduceURLsToAddresses in a single call and compares the returned
// slice, element by element and in order, with the expected addresses.
//
// The table pins the normalisation that decides which host:port the client
// dials, so each row pairs one input with the address expected for it.
func TestReduceURLsToAddresses(t *testing.T) {
	cases := []struct {
		in   string
		want string
	}{
		// Inputs without a scheme are expected back unchanged.
		{"123.123.123.123", "123.123.123.123"},
		{"exammple.com:111", "exammple.com:111"},
		{"234.234.234.234:4000", "234.234.234.234:4000"},
		// An https URL with an explicit port keeps that port.
		{"https://111.111.222.222:444", "111.111.222.222:444"},
		{"localhost", "localhost"},
		{"localhost:890", "localhost:890"},
		{"https://[42a1:cfa:5458:3967:e2ce:afaa:6194:12f]:40000", "[42a1:cfa:5458:3967:e2ce:afaa:6194:12f]:40000"},
		{"https://localhost:890", "localhost:890"},
		// A bare, unbracketed IPv6 literal is expected back unchanged.
		{"2001:db8:0:0:0:ff00:42:8329", "2001:db8:0:0:0:ff00:42:8329"},
		// An https URL without a port is expected to gain :443.
		{"https://[be4d:c25e:aca0:9366:68b7:c84:a23b:f7be]", "[be4d:c25e:aca0:9366:68b7:c84:a23b:f7be]:443"},
		{"https://www.somecompany.com", "www.somecompany.com:443"},
		{"www.company.com", "www.company.com"},
		{"[2001:db8:4006:812::200e]:8080", "[2001:db8:4006:812::200e]:8080"},
		// A grpc URL loses its scheme; no default port is expected to be added.
		{"grpc://222.22.2.1", "222.22.2.1"},
		{"grpc://[794b:389:73cb:76a2:59de:62fd:ee38:7c]:111", "[794b:389:73cb:76a2:59de:62fd:ee38:7c]:111"},
	}

	endpoints := make([]string, 0, len(cases))
	expected := make([]string, 0, len(cases))

	for _, c := range cases {
		endpoints = append(endpoints, c.in)
		expected = append(expected, c.want)
	}

	assert.Equal(t, expected, client.ReduceURLsToAddresses(endpoints))
}

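// TestBuildTLSConfig checks which fields client.BuildTLSConfig fills in for
// each combination of CA, Crt and Key set on a clientconfig.Context.
//
// The certificate and private key below are base64-encoded PEM fixtures that
// exist only for this test; they must never be reused as real credentials.
//
// Fixture setup and BuildTLSConfig errors stop the (sub)test immediately, so a
// broken fixture cannot silently weaken the comparisons and a failed build
// cannot lead to a nil dereference of the returned config.
func TestBuildTLSConfig(t *testing.T) {
	// decodeFixture base64-decodes a fixture and aborts the test if it is malformed.
	decodeFixture := func(name, encoded string) []byte {
		t.Helper()

		raw, err := base64.StdEncoding.DecodeString(encoded)
		if err != nil {
			t.Fatalf("decoding %s fixture: %v", name, err)
		}

		return raw
	}

	//nolint:lll
	ca := `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`

	expectedRootCAs := x509.NewCertPool()
	// AppendCertsFromPEM reports whether any certificate was parsed. If the
	// result were ignored, an unparseable CA would leave the expected pool empty
	// and the RootCAs comparisons below would no longer prove that the CA was
	// actually loaded as a trust anchor.
	if !expectedRootCAs.AppendCertsFromPEM(decodeFixture("CA", ca)) {
		t.Fatal("CA fixture contains no parseable certificate")
	}

	//nolint:lll
	crt := `LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJNekNCNXFBREFnRUNBaEVBZ1BscnFYWUtDeVNHRkxmazVVK2JQekFGQmdNclpYQXdFREVPTUF3R0ExVUUKQ2hNRmRHRnNiM013SGhjTk1qSXdPREV5TVRnek1UQTNXaGNOTXpJd09EQTVNVGd6TVRBM1dqQVRNUkV3RHdZRApWUVFLRXdodmN6cGhaRzFwYmpBcU1BVUdBeXRsY0FNaEFKblVxM1V1TzNTaGg4YW50eEZzNGJnZDlXeGRtcit6CmZURkxIcGpQVWlUaG8xSXdVREFPQmdOVkhROEJBZjhFQkFNQ0I0QXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUgKQXdFR0NDc0dBUVVGQndNQ01COEdBMVVkSXdRWU1CYUFGR09HaDRlMGE2aGJqWlVxN2ZKci9IY0owZUNRTUFVRwpBeXRsY0FOQkFNaW1wdnlxa0RHWDhROFErMTBtVWowYXJoQUpqdHl4OHErQll2QnlWOThxYyt3VldnYlFBc3FmClV3Sy9lN2ZLak1qMi9kRUZqOCs2SGZpOVJMTE5udzQ9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K`

	key := `LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJQ3FTdHpMTTNzaHNqMlZld2dXaVBPaDJUT01uUmM3cmNyRkczTGhNaFdkQQotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K`

	expectedCert, err := tls.X509KeyPair(decodeFixture("certificate", crt), decodeFixture("key", key))
	if err != nil {
		t.Fatalf("loading certificate/key fixture: %v", err)
	}

	expectedCerts := []tls.Certificate{expectedCert}

	t.Run("Returns default tls config for empty config context.", func(t *testing.T) {
		// given
		configContext := clientconfig.Context{}

		// when
		tlsConfig, err := client.BuildTLSConfig(&configContext)
		if err != nil {
			t.Fatalf("BuildTLSConfig: %v", err)
		}

		// then
		expected := &tls.Config{}
		assert.Equal(t, expected, tlsConfig)
	})

	t.Run("Returns tls config with CA for config context with CA.", func(t *testing.T) {
		// given
		configContext := clientconfig.Context{
			CA: ca,
		}

		// when
		tlsConfig, err := client.BuildTLSConfig(&configContext)
		if err != nil {
			t.Fatalf("BuildTLSConfig: %v", err)
		}

		// then
		assert.True(t, expectedRootCAs.Equal(tlsConfig.RootCAs))

		assert.Len(t, tlsConfig.Certificates, 0)
	})

	t.Run("Returns tls config with Certificate for config context with Crt and Key.", func(t *testing.T) {
		// given
		configContext := clientconfig.Context{
			Crt: crt,
			Key: key,
		}

		// when
		tlsConfig, err := client.BuildTLSConfig(&configContext)
		if err != nil {
			t.Fatalf("BuildTLSConfig: %v", err)
		}

		// then
		assert.Equal(t, expectedCerts, tlsConfig.Certificates)
		// crypto/tls documents ClientAuth as the server's policy for client
		// authentication; this assertion only pins the value BuildTLSConfig sets.
		assert.Equal(t, tls.RequireAndVerifyClientCert, tlsConfig.ClientAuth)

		// With nil RootCAs, crypto/tls verifies the server against the host's
		// root CA set rather than a context-specific CA.
		assert.Nil(t, tlsConfig.RootCAs)
	})

	t.Run("Returns tls config with CA and Certificate for config context with CA, Crt and Key.", func(t *testing.T) {
		// given
		configContext := clientconfig.Context{
			CA:  ca,
			Crt: crt,
			Key: key,
		}

		// when
		tlsConfig, err := client.BuildTLSConfig(&configContext)
		if err != nil {
			t.Fatalf("BuildTLSConfig: %v", err)
		}

		// then
		assert.True(t, expectedRootCAs.Equal(tlsConfig.RootCAs))

		assert.Equal(t, expectedCerts, tlsConfig.Certificates)
		assert.Equal(t, tls.RequireAndVerifyClientCert, tlsConfig.ClientAuth)
	})
}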