github.com/blend/go-sdk@v1.20220411.3/spiffeutil/parse_test.go (about)

     1  /*
     2  
     3  Copyright (c) 2022 - Present. Blend Labs, Inc. All rights reserved
     4  Use of this source code is governed by a MIT license that can be found in the LICENSE file.
     5  
     6  */
     7  
     8  package spiffeutil_test
     9  
    10  import (
    11  	"testing"
    12  
    13  	sdkAssert "github.com/blend/go-sdk/assert"
    14  	"github.com/blend/go-sdk/ex"
    15  
    16  	"github.com/blend/go-sdk/spiffeutil"
    17  )
    18  
    19  func TestParse(t *testing.T) {
    20  	assert := sdkAssert.New(t)
    21  
    22  	type failureCase struct {
    23  		URI     string
    24  		Message string
    25  	}
    26  	failures := []failureCase{
    27  		{URI: "https://web.invalid", Message: "Does not match protocol: \"https://web.invalid\""},
    28  		{URI: "spiffe://only.local", Message: "Missing workload identifier: \"spiffe://only.local\""},
    29  		{URI: "spiffe://only.local/", Message: "Missing workload identifier: \"spiffe://only.local/\""},
    30  	}
    31  	for _, fc := range failures {
    32  		pu, err := spiffeutil.Parse(fc.URI)
    33  		assert.Nil(pu)
    34  		assert.True(ex.Is(err, spiffeutil.ErrInvalidURI))
    35  		asEx, ok := err.(*ex.Ex)
    36  		assert.True(ok)
    37  		assert.Equal(fc.Message, asEx.Message)
    38  	}
    39  
    40  	// Success.
    41  	pu, err := spiffeutil.Parse("spiffe://cluster.local/ns/blend/sa/quasar")
    42  	expected := &spiffeutil.ParsedURI{TrustDomain: "cluster.local", WorkloadID: "ns/blend/sa/quasar"}
    43  	assert.Equal(expected, pu)
    44  	assert.Nil(err)
    45  }
    46  
    47  func TestParseKubernetesWorkloadID(t *testing.T) {
    48  	assert := sdkAssert.New(t)
    49  
    50  	type testCase struct {
    51  		WorkloadID     string
    52  		Namespace      string
    53  		ServiceAccount string
    54  	}
    55  	testCases := []testCase{
    56  		{WorkloadID: "ns/light1/sa/bulb", Namespace: "light1", ServiceAccount: "bulb"},
    57  		{WorkloadID: "xy/light1/sa/bulb"},
    58  		{WorkloadID: "ns/light1/xy/bulb"},
    59  		{WorkloadID: "ns/light1/sa/bulb/extra"},
    60  	}
    61  	for _, tc := range testCases {
    62  		kw, err := spiffeutil.ParseKubernetesWorkloadID(tc.WorkloadID)
    63  
    64  		if tc.Namespace == "" {
    65  			assert.True(ex.Is(spiffeutil.ErrNonKubernetesWorkload, err))
    66  			assert.Nil(kw)
    67  		} else {
    68  			assert.Nil(err)
    69  			expected := &spiffeutil.KubernetesWorkload{
    70  				Namespace:      tc.Namespace,
    71  				ServiceAccount: tc.ServiceAccount,
    72  			}
    73  			assert.Equal(expected, kw)
    74  		}
    75  	}
    76  }