github.com/gravitational/teleport/api@v0.0.0-20240507183017-3110591cbafc/profile/profile_test.go (about)

     1  /*
     2  Copyright 2016-2021 Gravitational, Inc.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  
    16  */
    17  
    18  package profile_test
    19  
    20  import (
    21  	"os"
    22  	"path/filepath"
    23  	"runtime"
    24  	"testing"
    25  
    26  	"github.com/gravitational/trace"
    27  	"github.com/stretchr/testify/require"
    28  
    29  	"github.com/gravitational/teleport/api/profile"
    30  )
    31  
    32  // TestProfileBasics verifies basic profile operations such as
    33  // load/store and setting current.
    34  func TestProfileBasics(t *testing.T) {
    35  	t.Parallel()
    36  
    37  	dir := t.TempDir()
    38  
    39  	p := &profile.Profile{
    40  		WebProxyAddr:          "proxy:3088",
    41  		SSHProxyAddr:          "proxy:3023",
    42  		Username:              "testuser",
    43  		DynamicForwardedPorts: []string{"localhost:8080"},
    44  		Dir:                   dir,
    45  		SiteName:              "example.com",
    46  		AuthConnector:         "passwordless",
    47  		MFAMode:               "auto",
    48  	}
    49  
    50  	// verify that profile name is proxy host component
    51  	require.Equal(t, "proxy", p.Name())
    52  
    53  	// save to a file:
    54  	err := p.SaveToDir(dir, false)
    55  	require.NoError(t, err)
    56  
    57  	// verify that the resulting file exists and is of the form `<profile-dir>/<profile-name>.yaml`.
    58  	_, err = os.Stat(filepath.Join(dir, p.Name()+".yaml"))
    59  	require.NoError(t, err)
    60  
    61  	// try to save to non-existent dir, should get an error
    62  	err = p.SaveToDir("/bad/directory/", false)
    63  	require.Error(t, err)
    64  
    65  	// make sure current profile was not set
    66  	_, err = profile.GetCurrentProfileName(dir)
    67  	require.True(t, trace.IsNotFound(err))
    68  
    69  	// save again, this time also making current
    70  	err = p.SaveToDir(dir, true)
    71  	require.NoError(t, err)
    72  
    73  	// verify that current profile is set and matches this profile
    74  	name, err := profile.GetCurrentProfileName(dir)
    75  	require.NoError(t, err)
    76  	require.Equal(t, p.Name(), name)
    77  
    78  	// load and verify current profile
    79  	clone, err := profile.FromDir(dir, "")
    80  	require.NoError(t, err)
    81  	require.Equal(t, *p, *clone)
    82  
    83  	// load and verify directly
    84  	clone, err = profile.FromDir(dir, p.Name())
    85  	require.NoError(t, err)
    86  	require.Equal(t, *p, *clone)
    87  }
    88  
    89  func TestAppPath(t *testing.T) {
    90  	t.Parallel()
    91  
    92  	dir := t.TempDir()
    93  
    94  	p := &profile.Profile{
    95  		WebProxyAddr: "proxy:3088",
    96  		SSHProxyAddr: "proxy:3023",
    97  		Username:     "testuser",
    98  		Dir:          dir,
    99  		SiteName:     "example.com",
   100  	}
   101  
   102  	expected := filepath.Join(dir, "keys", "proxy", "testuser-app", "example.com", "banana-x509.pem")
   103  	require.Equal(t, expected, p.AppCertPath("banana"))
   104  }
   105  
   106  func TestProfilePath(t *testing.T) {
   107  	switch runtime.GOOS {
   108  	case "darwin", "linux":
   109  	default:
   110  		t.Skip("this test only runs on Unix")
   111  	}
   112  	dir := t.TempDir()
   113  	t.Setenv("HOME", dir)
   114  
   115  	require.Equal(t, "/foo/bar", profile.FullProfilePath("/foo/bar"))
   116  	require.Equal(t, filepath.Join(dir, ".tsh"), profile.FullProfilePath(""))
   117  }
   118  
   119  func TestRequireKubeLocalProxy(t *testing.T) {
   120  	t.Parallel()
   121  
   122  	tests := []struct {
   123  		name         string
   124  		inputProfile *profile.Profile
   125  		checkResult  require.BoolAssertionFunc
   126  	}{
   127  		{
   128  			name: "kube not enabled",
   129  			inputProfile: &profile.Profile{
   130  				WebProxyAddr:                  "example.com:443",
   131  				TLSRoutingEnabled:             true,
   132  				TLSRoutingConnUpgradeRequired: true,
   133  			},
   134  			checkResult: require.False,
   135  		},
   136  		{
   137  			name: "ALPN connection upgrade not required",
   138  			inputProfile: &profile.Profile{
   139  				WebProxyAddr:      "example.com:443",
   140  				KubeProxyAddr:     "example.com:443",
   141  				TLSRoutingEnabled: true,
   142  			},
   143  			checkResult: require.False,
   144  		},
   145  		{
   146  			name: "kube uses separate listener",
   147  			inputProfile: &profile.Profile{
   148  				WebProxyAddr:                  "example.com:443",
   149  				KubeProxyAddr:                 "example.com:3026",
   150  				TLSRoutingEnabled:             false,
   151  				TLSRoutingConnUpgradeRequired: true,
   152  			},
   153  			checkResult: require.False,
   154  		},
   155  		{
   156  			name: "local proxy required",
   157  			inputProfile: &profile.Profile{
   158  				WebProxyAddr:                  "example.com:443",
   159  				KubeProxyAddr:                 "example.com:443",
   160  				TLSRoutingEnabled:             true,
   161  				TLSRoutingConnUpgradeRequired: true,
   162  			},
   163  			checkResult: require.True,
   164  		},
   165  	}
   166  
   167  	for _, test := range tests {
   168  		t.Run(test.name, func(t *testing.T) {
   169  			test.checkResult(t, test.inputProfile.RequireKubeLocalProxy())
   170  		})
   171  	}
   172  }