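package config

import (
	"testing"

	"github.com/hashicorp/nomad/ci"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// TestTLSConfig_Merge checks that merging b into a yields a config equal to
// b when b sets every field that a sets. The fixture deliberately includes
// the hardening fields (VerifyServerHostname, TLSMinVersion, TLSCipherSuites,
// TLSPreferServerCipherSuites), so a Merge that silently dropped one of them
// would fail the equality check instead of quietly weakening the TLS setup.
func TestTLSConfig_Merge(t *testing.T) {
	ci.Parallel(t)

	assert := assert.New(t)
	a := &TLSConfig{
		CAFile:   "test-ca-file",
		CertFile: "test-cert-file",
	}

	b := &TLSConfig{
		EnableHTTP:                  true,
		EnableRPC:                   true,
		VerifyServerHostname:        true,
		CAFile:                      "test-ca-file-2",
		CertFile:                    "test-cert-file-2",
		RPCUpgradeMode:              true,
		TLSCipherSuites:             "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
		TLSMinVersion:               "tls12",
		TLSPreferServerCipherSuites: true,
	}

	// Named merged rather than new so the builtin new is not shadowed.
	merged := a.Merge(b)
	assert.Equal(b, merged)
}

// TestTLS_CertificateInfoIsEqual_TrueWhenEmpty checks that two empty configs
// compare as equal and that no error is returned for them.
func TestTLS_CertificateInfoIsEqual_TrueWhenEmpty(t *testing.T) {
	ci.Parallel(t)

	require := require.New(t)
	a := &TLSConfig{}
	b := &TLSConfig{}
	isEqual, err := a.CertificateInfoIsEqual(b)
	require.NoError(err)
	require.True(isEqual)
}

// TestTLS_CertificateInfoIsEqual_FalseWhenUnequal checks that any difference
// in the certificate or key file makes two configs unequal, and that an
// unreadable certificate path is reported as an error rather than as a
// successful comparison.
//
// NOTE(review): presumably this comparison decides whether changed
// certificate material is noticed when the TLS configuration is reloaded;
// confirm against the callers. A false "equal" here would leave a rotated or
// replaced certificate unnoticed.
func TestTLS_CertificateInfoIsEqual_FalseWhenUnequal(t *testing.T) {
	ci.Parallel(t)

	require := require.New(t)
	const (
		cafile   = "../../../helper/tlsutil/testdata/ca.pem"
		foocert  = "../../../helper/tlsutil/testdata/nomad-foo.pem"
		fookey   = "../../../helper/tlsutil/testdata/nomad-foo-key.pem"
		foocert2 = "../../../helper/tlsutil/testdata/nomad-bad.pem"
		fookey2  = "../../../helper/tlsutil/testdata/nomad-bad-key.pem"
	)

	// Both the certificate and the key differ.
	{
		a := &TLSConfig{
			CAFile:   cafile,
			CertFile: foocert,
			KeyFile:  fookey,
		}
		// Fail here, with the real cause, if a fixture cannot be read.
		require.NoError(a.SetChecksum())

		b := &TLSConfig{
			CAFile:   cafile,
			CertFile: foocert2,
			KeyFile:  fookey2,
		}
		isEqual, err := a.CertificateInfoIsEqual(b)
		require.NoError(err)
		require.False(isEqual)
	}

	// Only the certificate differs.
	{
		a := &TLSConfig{
			CAFile:   cafile,
			CertFile: foocert,
			KeyFile:  fookey,
		}
		require.NoError(a.SetChecksum())

		b := &TLSConfig{
			CAFile:   cafile,
			CertFile: foocert2,
			KeyFile:  fookey,
		}
		isEqual, err := a.CertificateInfoIsEqual(b)
		require.NoError(err)
		require.False(isEqual)
	}

	// Only the key differs.
	{
		a := &TLSConfig{
			CAFile:   cafile,
			CertFile: foocert,
			KeyFile:  fookey,
		}
		require.NoError(a.SetChecksum())

		b := &TLSConfig{
			CAFile:   cafile,
			CertFile: foocert,
			KeyFile:  fookey2,
		}
		isEqual, err := a.CertificateInfoIsEqual(b)
		require.NoError(err)
		require.False(isEqual)
	}

	// An empty config never equals a populated one. No checksum is set on
	// either side before the comparison.
	{
		a := &TLSConfig{}

		b := &TLSConfig{
			CAFile:   cafile,
			CertFile: foocert,
			KeyFile:  fookey2,
		}
		isEqual, err := a.CertificateInfoIsEqual(b)
		require.NoError(err)
		require.False(isEqual)
	}

	// A certificate path that cannot be read must surface as an error, and
	// the result must not be "equal".
	{
		a := &TLSConfig{
			CAFile:   cafile,
			CertFile: foocert,
			KeyFile:  fookey2,
		}

		b := &TLSConfig{
			CAFile:   cafile,
			CertFile: "invalid_file",
			KeyFile:  fookey2,
		}
		isEqual, err := a.CertificateInfoIsEqual(b)
		require.Error(err)
		require.False(isEqual)
	}
}

// Certificate info should be equal when the CA file, certificate file, and key
// file are all equal.
func TestTLS_CertificateInfoIsEqual_TrueWhenEqual(t *testing.T) {
	ci.Parallel(t)

	require := require.New(t)
	const (
		cafile  = "../../../helper/tlsutil/testdata/ca.pem"
		foocert = "../../../helper/tlsutil/testdata/nomad-foo.pem"
		fookey  = "../../../helper/tlsutil/testdata/nomad-foo-key.pem"
	)
	a := &TLSConfig{
		CAFile:   cafile,
		CertFile: foocert,
		KeyFile:  fookey,
	}
	require.NoError(a.SetChecksum())

	// b carries no precomputed checksum; only a has one set.
	b := &TLSConfig{
		CAFile:   cafile,
		CertFile: foocert,
		KeyFile:  fookey,
	}
	isEqual, err := a.CertificateInfoIsEqual(b)
	require.NoError(err)
	require.True(isEqual)
}

// TestTLS_Copy checks that a copy of a checksummed config compares as equal
// to the original, so copying a config does not by itself look like a
// certificate change.
func TestTLS_Copy(t *testing.T) {
	ci.Parallel(t)

	require := require.New(t)
	const (
		cafile  = "../../../helper/tlsutil/testdata/ca.pem"
		foocert = "../../../helper/tlsutil/testdata/nomad-foo.pem"
		fookey  = "../../../helper/tlsutil/testdata/nomad-foo-key.pem"
	)
	a := &TLSConfig{
		CAFile:                      cafile,
		CertFile:                    foocert,
		KeyFile:                     fookey,
		TLSCipherSuites:             "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
		TLSMinVersion:               "tls12",
		TLSPreferServerCipherSuites: true,
	}
	require.NoError(a.SetChecksum())

	aCopy := a.Copy()
	isEqual, err := a.CertificateInfoIsEqual(aCopy)
	require.NoError(err)
	require.True(isEqual)
}

// GetKeyLoader should always return an initialized KeyLoader for a TLSConfig
// object, including a zero-value one.
func TestTLS_GetKeyloader(t *testing.T) {
	ci.Parallel(t)

	require := require.New(t)
	a := &TLSConfig{}
	require.NotNil(a.GetKeyLoader())
}

// TestTLS_SetChecksum checks that the stored checksum changes once the
// certificate and key paths point at different files.
func TestTLS_SetChecksum(t *testing.T) {
	// Every other test in this file opts in to parallel execution; this one
	// only reads fixtures and mutates its own local config.
	ci.Parallel(t)

	require := require.New(t)
	const (
		cafile   = "../../../helper/tlsutil/testdata/ca.pem"
		foocert  = "../../../helper/tlsutil/testdata/nomad-foo.pem"
		fookey   = "../../../helper/tlsutil/testdata/nomad-foo-key.pem"
		foocert2 = "../../../helper/tlsutil/testdata/nomad-bad.pem"
		fookey2  = "../../../helper/tlsutil/testdata/nomad-bad-key.pem"
	)

	a := &TLSConfig{
		CAFile:   cafile,
		CertFile: foocert,
		KeyFile:  fookey,
	}
	require.NoError(a.SetChecksum())
	oldChecksum := a.Checksum

	a.CertFile = foocert2
	a.KeyFile = fookey2

	// Check the error so that a failed recomputation is reported as such
	// instead of showing up only as an unchanged checksum below.
	require.NoError(a.SetChecksum())

	require.NotEqual(oldChecksum, a.Checksum)
}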