1
// This Source Code Form is subject to the terms of the Mozilla Public
2
// License, v. 2.0. If a copy of the MPL was not distributed with this
3
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
13
"github.com/stretchr/testify/assert"
15
"github.com/siderolabs/talos/pkg/machinery/client"
16
clientconfig "github.com/siderolabs/talos/pkg/machinery/client/config"
19
func TestReduceURLsToAddresses(t *testing.T) {
20
endpoints := []string{
23
"234.234.234.234:4000",
24
"https://111.111.222.222:444",
27
"https://[42a1:cfa:5458:3967:e2ce:afaa:6194:12f]:40000",
28
"https://localhost:890",
29
"2001:db8:0:0:0:ff00:42:8329",
30
"https://[be4d:c25e:aca0:9366:68b7:c84:a23b:f7be]",
31
"https://www.somecompany.com",
33
"[2001:db8:4006:812::200e]:8080",
35
"grpc://[794b:389:73cb:76a2:59de:62fd:ee38:7c]:111",
40
"234.234.234.234:4000",
41
"111.111.222.222:444",
44
"[42a1:cfa:5458:3967:e2ce:afaa:6194:12f]:40000",
46
"2001:db8:0:0:0:ff00:42:8329",
47
"[be4d:c25e:aca0:9366:68b7:c84:a23b:f7be]:443",
48
"www.somecompany.com:443",
50
"[2001:db8:4006:812::200e]:8080",
52
"[794b:389:73cb:76a2:59de:62fd:ee38:7c]:111",
55
actual := client.ReduceURLsToAddresses(endpoints)
57
assert.Equal(t, expected, actual)
60
func TestBuildTLSConfig(t *testing.T) {
62
ca := `LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQakNCOGFBREFnRUNBaEFtbGVURnRuRVY3b3NHYTJFSU9RVUJNQVVHQXl0bGNEQVFNUTR3REFZRFZRUUsKRXdWMFlXeHZjekFlRncweU1qQTRNVEl4T0RNeE1EZGFGdzB6TWpBNE1Ea3hPRE14TURkYU1CQXhEakFNQmdOVgpCQW9UQlhSaGJHOXpNQ293QlFZREsyVndBeUVBVGZ3RjFMQjVwVjg2cGw4cHN2aS93R2dWWmkvTm5NME8wYUZNCjBoenZZdzZqWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVWTRhSGg3UnJxRnVObFNydAo4bXY4ZHduUjRKQXdCUVlESzJWd0EwRUFTaE5jYURXMGwrU24xYSt5c21Sd2M2NGlBa3Y5dUlZNGdXU0t3RWJ4CnpYQlR3SkZWcmNPWlZNNS9pM0Y0UjFWZVkzM3QwdFBQMFBGZVF5MVRWTDlVQ0E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==`
64
caBytes, err := base64.StdEncoding.DecodeString(ca)
67
expectedRootCAs := x509.NewCertPool()
68
expectedRootCAs.AppendCertsFromPEM(caBytes)
71
crt := `LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJNekNCNXFBREFnRUNBaEVBZ1BscnFYWUtDeVNHRkxmazVVK2JQekFGQmdNclpYQXdFREVPTUF3R0ExVUUKQ2hNRmRHRnNiM013SGhjTk1qSXdPREV5TVRnek1UQTNXaGNOTXpJd09EQTVNVGd6TVRBM1dqQVRNUkV3RHdZRApWUVFLRXdodmN6cGhaRzFwYmpBcU1BVUdBeXRsY0FNaEFKblVxM1V1TzNTaGg4YW50eEZzNGJnZDlXeGRtcit6CmZURkxIcGpQVWlUaG8xSXdVREFPQmdOVkhROEJBZjhFQkFNQ0I0QXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUgKQXdFR0NDc0dBUVVGQndNQ01COEdBMVVkSXdRWU1CYUFGR09HaDRlMGE2aGJqWlVxN2ZKci9IY0owZUNRTUFVRwpBeXRsY0FOQkFNaW1wdnlxa0RHWDhROFErMTBtVWowYXJoQUpqdHl4OHErQll2QnlWOThxYyt3VldnYlFBc3FmClV3Sy9lN2ZLak1qMi9kRUZqOCs2SGZpOVJMTE5udzQ9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K`
73
key := `LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJQ3FTdHpMTTNzaHNqMlZld2dXaVBPaDJUT01uUmM3cmNyRkczTGhNaFdkQQotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K`
75
keyBytes, err := base64.StdEncoding.DecodeString(key)
78
crtBytes, err := base64.StdEncoding.DecodeString(crt)
81
expectedCert, err := tls.X509KeyPair(crtBytes, keyBytes)
84
expectedCerts := []tls.Certificate{expectedCert}
86
t.Run("Returns default tls config for empty config context.", func(t *testing.T) {
88
configContext := clientconfig.Context{}
91
tlsConfig, err := client.BuildTLSConfig(&configContext)
95
expected := &tls.Config{}
96
assert.Equal(t, expected, tlsConfig)
99
t.Run("Returns tls config with CA for config context with CA.", func(t *testing.T) {
101
configContext := clientconfig.Context{
106
tlsConfig, err := client.BuildTLSConfig(&configContext)
110
assert.True(t, expectedRootCAs.Equal(tlsConfig.RootCAs))
112
assert.Len(t, tlsConfig.Certificates, 0)
115
t.Run("Returns tls config with Certificate for config context with Crt and Key.", func(t *testing.T) {
117
configContext := clientconfig.Context{
123
tlsConfig, err := client.BuildTLSConfig(&configContext)
127
assert.Equal(t, expectedCerts, tlsConfig.Certificates)
128
assert.Equal(t, tls.RequireAndVerifyClientCert, tlsConfig.ClientAuth)
130
assert.Nil(t, tlsConfig.RootCAs)
133
t.Run("Returns tls config with CA and Certificate for config context with CA, Crt and Key.", func(t *testing.T) {
135
configContext := clientconfig.Context{
142
tlsConfig, err := client.BuildTLSConfig(&configContext)
146
assert.True(t, expectedRootCAs.Equal(tlsConfig.RootCAs))
148
assert.Equal(t, expectedCerts, tlsConfig.Certificates)
149
assert.Equal(t, tls.RequireAndVerifyClientCert, tlsConfig.ClientAuth)