github.com/coreos/rocket@v1.30.1-0.20200224141603-171c416fac02/rkt/flag/secflags_test.go

github.com/coreos/rocket@v1.30.1-0.20200224141603-171c416fac02/rkt/flag/secflags_test.go (about)

     1  // Copyright 2016 The rkt Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package flag
    16  
    17  import "testing"
    18  
    19  func TestSecFlags(t *testing.T) {
    20  	tests := []struct {
    21  		opts  string
    22  		image bool
    23  		tls   bool
    24  		http  bool
    25  		err   bool
    26  	}{
    27  		{
    28  			opts:  "none",
    29  			image: false,
    30  			tls:   false,
    31  			http:  false,
    32  		},
    33  		{
    34  			opts:  "image",
    35  			image: true,
    36  			tls:   false,
    37  			http:  false,
    38  		},
    39  		{
    40  			opts:  "tls",
    41  			image: false,
    42  			tls:   true,
    43  			http:  false,
    44  		},
    45  		{
    46  			opts:  "http",
    47  			image: false,
    48  			tls:   false,
    49  			http:  true,
    50  		},
    51  		{
    52  			opts:  "all",
    53  			image: true,
    54  			tls:   true,
    55  			http:  true,
    56  		},
    57  		{
    58  			opts:  "image,tls",
    59  			image: true,
    60  			tls:   true,
    61  			http:  false,
    62  		},
    63  		{
    64  			opts: "i-am-sure-we-will-not-get-this-insecure-flag",
    65  			err:  true,
    66  		},
    67  		{
    68  			opts: "ondisk",
    69  			err:  false,
    70  		},
    71  	}
    72  
    73  	for i, tt := range tests {
    74  		sf, err := NewSecFlags(tt.opts)
    75  		if err != nil && !tt.err {
    76  			t.Errorf("test %d: unexpected error in NewSecFlags: %v", i, err)
    77  		} else if err == nil && tt.err {
    78  			t.Errorf("test %d: unexpected success in NewSecFlags for options %q", i, tt.opts)
    79  		}
    80  		if err != nil {
    81  			continue
    82  		}
    83  
    84  		if got := sf.SkipImageCheck(); tt.image != got {
    85  			t.Errorf("test %d: expected image skip to be %v, got %v", i, tt.image, got)
    86  		}
    87  
    88  		if got := sf.SkipTLSCheck(); tt.tls != got {
    89  			t.Errorf("test %d: expected tls skip to be %v, got %v", i, tt.tls, got)
    90  		}
    91  
    92  		if got := sf.AllowHTTP(); tt.http != got {
    93  			t.Errorf("test %d: expected http allowed to be %v, got %v", i, tt.http, got)
    94  		}
    95  
    96  		all := tt.http && tt.tls && tt.image
    97  		if got := sf.SkipAllSecurityChecks(); all != got {
    98  			t.Errorf("test %d: expected all skip to be %v, got %v", i, all, got)
    99  		}
   100  
   101  		any := tt.http || tt.tls || tt.image
   102  		if got := sf.SkipAnySecurityChecks(); any != got {
   103  			t.Errorf("test %d: expected all skip to be %v, got %v", i, any, got)
   104  		}
   105  	}
   106  }