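// Source: github.com/turtlemonvh/terraform@v0.6.9-0.20151204001754-8e40b6b855e8/builtin/providers/tls/resource_self_signed_cert_test.go

package tls

import (
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"strings"
	"testing"
	"time"

	r "github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestSelfSignedCert runs a single-step resource test case that declares a
// tls_self_signed_cert resource, exposes its cert_pem attribute through the
// "key_pem" output, and then parses that PEM to check the subject, the
// subject alternative names, the key usages and the validity window.
//
// NOTE(review): the check validates certificate fields only. It does not
// verify that the certificate's signature was produced by testPrivateKey, so
// a certificate signed with a different key would still pass these
// assertions.
func TestSelfSignedCert(t *testing.T) {
	r.Test(t, r.TestCase{
		Providers: testProviders,
		Steps: []r.TestStep{
			r.TestStep{
				Config: fmt.Sprintf(`
                    resource "tls_self_signed_cert" "test" {
                        subject {
                            common_name = "example.com"
                            organization = "Example, Inc"
                            organizational_unit = "Department of Terraform Testing"
                            street_address = ["5879 Cotton Link"]
                            locality = "Pirate Harbor"
                            province = "CA"
                            country = "US"
                            postal_code = "95559-1227"
                            serial_number = "2"
                        }

                        dns_names = [
                            "example.com",
                            "example.net",
                        ]

                        ip_addresses = [
                            "127.0.0.1",
                            "127.0.0.2",
                        ]

                        validity_period_hours = 1

                        allowed_uses = [
                            "key_encipherment",
                            "digital_signature",
                            "server_auth",
                            "client_auth",
                        ]

                        key_algorithm = "RSA"
                        private_key_pem = <<EOT
%s
EOT
                    }
                    output "key_pem" {
                        value = "${tls_self_signed_cert.test.cert_pem}"
                    }
                `, testPrivateKey),
				Check: func(s *terraform.State) error {
					// The output is named "key_pem" but carries the
					// resource's cert_pem attribute (see the config above).
					got := s.RootModule().Outputs["key_pem"]
					if !strings.HasPrefix(got, "-----BEGIN CERTIFICATE----") {
						return fmt.Errorf("key is missing cert PEM preamble")
					}

					// pem.Decode returns a nil block when no well-formed PEM
					// block is found; fail with an error instead of
					// dereferencing nil and panicking the test binary.
					block, _ := pem.Decode([]byte(got))
					if block == nil {
						return fmt.Errorf("error decoding cert PEM: no PEM block found")
					}
					// pem.Decode skips data it cannot parse, so confirm the
					// block that was actually decoded is a certificate.
					if block.Type != "CERTIFICATE" {
						return fmt.Errorf("unexpected PEM block type: expected %q, got %q", "CERTIFICATE", block.Type)
					}
					cert, err := x509.ParseCertificate(block.Bytes)
					if err != nil {
						return fmt.Errorf("error parsing cert: %s", err)
					}

					if expected, got := "2", cert.Subject.SerialNumber; got != expected {
						return fmt.Errorf("incorrect subject serial number: expected %v, got %v", expected, got)
					}
					if expected, got := "example.com", cert.Subject.CommonName; got != expected {
						return fmt.Errorf("incorrect subject common name: expected %v, got %v", expected, got)
					}

					// Multi-valued subject attributes: only the first value
					// is compared. An empty slice is reported as a failure
					// rather than indexed, which would panic.
					subjectChecks := []struct {
						name     string
						expected string
						values   []string
					}{
						{"organization", "Example, Inc", cert.Subject.Organization},
						{"organizational unit", "Department of Terraform Testing", cert.Subject.OrganizationalUnit},
						{"street address", "5879 Cotton Link", cert.Subject.StreetAddress},
						{"locality", "Pirate Harbor", cert.Subject.Locality},
						{"province", "CA", cert.Subject.Province},
						{"country", "US", cert.Subject.Country},
						{"postal code", "95559-1227", cert.Subject.PostalCode},
					}
					for _, c := range subjectChecks {
						if len(c.values) == 0 {
							return fmt.Errorf("incorrect subject %s: expected %v, got no values", c.name, c.expected)
						}
						if got := c.values[0]; got != c.expected {
							return fmt.Errorf("incorrect subject %s: expected %v, got %v", c.name, c.expected, got)
						}
					}

					// The length checks below guard the index expressions
					// that follow them.
					if expected, got := 2, len(cert.DNSNames); got != expected {
						return fmt.Errorf("incorrect number of DNS names: expected %v, got %v", expected, got)
					}
					if expected, got := "example.com", cert.DNSNames[0]; got != expected {
						return fmt.Errorf("incorrect DNS name 0: expected %v, got %v", expected, got)
					}
					if expected, got := "example.net", cert.DNSNames[1]; got != expected {
						return fmt.Errorf("incorrect DNS name 1: expected %v, got %v", expected, got)
					}

					if expected, got := 2, len(cert.IPAddresses); got != expected {
						return fmt.Errorf("incorrect number of IP addresses: expected %v, got %v", expected, got)
					}
					if expected, got := "127.0.0.1", cert.IPAddresses[0].String(); got != expected {
						return fmt.Errorf("incorrect IP address 0: expected %v, got %v", expected, got)
					}
					if expected, got := "127.0.0.2", cert.IPAddresses[1].String(); got != expected {
						return fmt.Errorf("incorrect IP address 1: expected %v, got %v", expected, got)
					}

					if expected, got := 2, len(cert.ExtKeyUsage); got != expected {
						return fmt.Errorf("incorrect number of ExtKeyUsage: expected %v, got %v", expected, got)
					}
					if expected, got := x509.ExtKeyUsageServerAuth, cert.ExtKeyUsage[0]; got != expected {
						return fmt.Errorf("incorrect ExtKeyUsage[0]: expected %v, got %v", expected, got)
					}
					if expected, got := x509.ExtKeyUsageClientAuth, cert.ExtKeyUsage[1]; got != expected {
						return fmt.Errorf("incorrect ExtKeyUsage[1]: expected %v, got %v", expected, got)
					}

					if expected, got := x509.KeyUsageKeyEncipherment|x509.KeyUsageDigitalSignature, cert.KeyUsage; got != expected {
						return fmt.Errorf("incorrect KeyUsage: expected %v, got %v", expected, got)
					}

					// This time checking is a bit sloppy to avoid inconsistent test results
					// depending on the power of the machine running the tests.
					now := time.Now()
					if cert.NotBefore.After(now) {
						return fmt.Errorf("certificate validity begins in the future")
					}
					if now.Sub(cert.NotBefore) > (2 * time.Minute) {
						return fmt.Errorf("certificate validity begins more than two minutes in the past")
					}
					if cert.NotAfter.Sub(cert.NotBefore) != time.Hour {
						return fmt.Errorf("certificate validity is not one hour")
					}

					return nil
				},
			},
		},
	})
}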