// Copyright 2015 The Cockroach Authors.
//
// Use of this software is governed by the Business Source License
// included in the file licenses/BSL.txt.
//
// As of the Change Date specified in that file, in accordance with
// the Business Source License, use of this software will be governed
// by the Apache License, Version 2.0, included in the file
// licenses/APL.txt.

package base_test

import (
	"testing"

	"github.com/cockroachdb/cockroach/pkg/base"
	"github.com/cockroachdb/cockroach/pkg/security"
	"github.com/cockroachdb/cockroach/pkg/testutils"
	"github.com/cockroachdb/cockroach/pkg/util/leaktest"
)

// TestClientSSLSettings walks a table of (Insecure, certs present, user)
// combinations and checks two things on the resulting base.Config: the scheme
// returned by HTTPRequestScheme and the outcome of GetClientTLSConfig.
//
// What the table pins down:
//   - Insecure configs report "http" and yield a nil TLS config with no error,
//     whether or not certs were filled in.
//   - Secure configs report "https". Without certs, or with a user other than
//     security.NodeUser in these cases, GetClientTLSConfig must return an error
//     matching the expected pattern.
//   - The secure case with certs and security.NodeUser must yield a non-nil
//     config whose RootCAs is set.
func TestClientSSLSettings(t *testing.T) {
	defer leaktest.AfterTest(t)()

	// Regular-expression patterns handed to testutils.IsError below.
	const (
		clientCertNotFound = "problem with client cert for user .*: not found"
		certDirNotFound    = "problem loading certs directory"
	)

	type clientCase struct {
		// Inputs.
		insecure bool
		hasCerts bool
		user     string
		// Expectations.
		requestScheme string
		configErr     string
		nilConfig     bool
		noCAs         bool
	}

	// NOTE(review): nilConfig and noCAs are only compared when
	// GetClientTLSConfig returns no error (see the `continue` in the loop), so
	// their values in the rows that expect an error are never checked.
	testCases := []clientCase{
		{
			insecure: true, hasCerts: false, user: security.NodeUser,
			requestScheme: "http", configErr: "", nilConfig: true, noCAs: false,
		},
		{
			insecure: true, hasCerts: true, user: "not-a-user",
			requestScheme: "http", configErr: "", nilConfig: true, noCAs: false,
		},
		{
			insecure: false, hasCerts: true, user: "not-a-user",
			requestScheme: "https", configErr: clientCertNotFound, nilConfig: true, noCAs: false,
		},
		{
			insecure: false, hasCerts: false, user: security.NodeUser,
			requestScheme: "https", configErr: certDirNotFound, nilConfig: false, noCAs: true,
		},
		{
			insecure: false, hasCerts: true, user: security.NodeUser,
			requestScheme: "https", configErr: "", nilConfig: false, noCAs: false,
		},
		{
			insecure: false, hasCerts: true, user: "bad-user",
			requestScheme: "https", configErr: clientCertNotFound, nilConfig: false, noCAs: false,
		},
	}

	for idx, tc := range testCases {
		cfg := &base.Config{Insecure: tc.insecure, User: tc.user}
		if tc.hasCerts {
			// Presumably points cfg at the test certificates; FillCerts is
			// defined in testutils, outside this file.
			testutils.FillCerts(cfg)
		}

		if got := cfg.HTTPRequestScheme(); got != tc.requestScheme {
			t.Fatalf("#%d: expected HTTPRequestScheme=%s, got: %s", idx, tc.requestScheme, got)
		}

		tlsConfig, err := cfg.GetClientTLSConfig()
		// Presumably an empty pattern only accepts a nil error; confirm
		// against testutils.IsError.
		if !testutils.IsError(err, tc.configErr) {
			t.Fatalf("#%d: expected err=%s, got err=%v", idx, tc.configErr, err)
		}
		if err != nil {
			// Expected failure: nothing further to inspect for this row.
			continue
		}

		gotNil := tlsConfig == nil
		if gotNil != tc.nilConfig {
			t.Fatalf("#%d: expected nil config=%t, got: %+v", idx, tc.nilConfig, tlsConfig)
		}
		if gotNil {
			continue
		}

		if (tlsConfig.RootCAs == nil) != tc.noCAs {
			t.Fatalf("#%d: expected nil RootCAs: %t, got: %+v", idx, tc.noCAs, tlsConfig.RootCAs)
		}
	}
}

// TestServerSSLSettings is the server-side counterpart: for each combination
// of the Insecure flag and certificate availability (the user is always
// security.NodeUser) it checks HTTPRequestScheme and whether
// GetServerTLSConfig succeeds.
//
// What the table pins down:
//   - Insecure: scheme "http", no error, nil TLS config.
//   - Secure without certs: scheme "https" and GetServerTLSConfig must fail.
//   - Secure with certs: scheme "https", no error, non-nil TLS config.
func TestServerSSLSettings(t *testing.T) {
	defer leaktest.AfterTest(t)()

	type serverCase struct {
		// Inputs.
		insecure bool
		hasCerts bool
		// Expectations.
		requestScheme string
		configSuccess bool
		nilConfig     bool
	}

	testCases := []serverCase{
		{insecure: true, hasCerts: false, requestScheme: "http", configSuccess: true, nilConfig: true},
		{insecure: false, hasCerts: false, requestScheme: "https", configSuccess: false, nilConfig: false},
		{insecure: false, hasCerts: true, requestScheme: "https", configSuccess: true, nilConfig: false},
		// Same inputs and expectations as the second row.
		{insecure: false, hasCerts: false, requestScheme: "https", configSuccess: false, nilConfig: false},
	}

	for idx, tc := range testCases {
		cfg := &base.Config{Insecure: tc.insecure, User: security.NodeUser}
		if tc.hasCerts {
			testutils.FillCerts(cfg)
		}

		if got := cfg.HTTPRequestScheme(); got != tc.requestScheme {
			t.Fatalf("#%d: expected HTTPRequestScheme=%s, got: %s", idx, tc.requestScheme, got)
		}

		tlsConfig, err := cfg.GetServerTLSConfig()
		if succeeded := err == nil; succeeded != tc.configSuccess {
			t.Fatalf("#%d: expected GetServerTLSConfig success=%t, got err=%v", idx, tc.configSuccess, err)
		}
		if err != nil {
			// nilConfig is only meaningful when the call succeeded.
			continue
		}

		if (tlsConfig == nil) != tc.nilConfig {
			t.Fatalf("#%d: expected nil config=%t, got: %+v", idx, tc.nilConfig, tlsConfig)
		}
	}
}