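// Source listing: github.com/uchennaokeke444/nomad@v0.11.8/nomad/structs/config/tls_test.go

package config

import (
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// TestTLSConfig_Merge checks that merging a fully populated TLSConfig into a
// sparsely populated one yields a value equal to the populated config. The
// second config carries the security-relevant settings (hostname
// verification, minimum TLS version, cipher suites), so the equality
// assertion also pins that none of them is dropped by Merge.
func TestTLSConfig_Merge(t *testing.T) {
	assert := assert.New(t)
	a := &TLSConfig{
		CAFile:   "test-ca-file",
		CertFile: "test-cert-file",
	}

	b := &TLSConfig{
		EnableHTTP:                  true,
		EnableRPC:                   true,
		VerifyServerHostname:        true,
		CAFile:                      "test-ca-file-2",
		CertFile:                    "test-cert-file-2",
		RPCUpgradeMode:              true,
		TLSCipherSuites:             "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
		TLSMinVersion:               "tls12",
		TLSPreferServerCipherSuites: true,
	}

	// Named merged rather than new so the builtin new is not shadowed.
	merged := a.Merge(b)
	assert.Equal(b, merged)
}

// TestTLS_CertificateInfoIsEqual_TrueWhenEmpty checks that two zero-value
// configs compare as equal without an error.
func TestTLS_CertificateInfoIsEqual_TrueWhenEmpty(t *testing.T) {
	require := require.New(t)
	a := &TLSConfig{}
	b := &TLSConfig{}
	isEqual, err := a.CertificateInfoIsEqual(b)
	require.NoError(err)
	require.True(isEqual)
}

// TestTLS_CertificateInfoIsEqual_FalseWhenUnequal checks that any difference
// in the certificate or key file makes the comparison report "not equal", and
// that an unreadable file surfaces as an error rather than as equality.
//
// NOTE(review): presumably this comparison is what decides whether changed
// certificate material is picked up on a configuration reload; confirm
// against the callers of CertificateInfoIsEqual.
func TestTLS_CertificateInfoIsEqual_FalseWhenUnequal(t *testing.T) {
	const (
		cafile   = "../../../helper/tlsutil/testdata/ca.pem"
		foocert  = "../../../helper/tlsutil/testdata/nomad-foo.pem"
		fookey   = "../../../helper/tlsutil/testdata/nomad-foo-key.pem"
		foocert2 = "../../../helper/tlsutil/testdata/nomad-bad.pem"
		fookey2  = "../../../helper/tlsutil/testdata/nomad-bad-key.pem"
	)

	cases := []struct {
		name        string
		a, b        *TLSConfig
		precomputeA bool // call SetChecksum on a before comparing
		wantErr     bool
	}{
		{
			name:        "certificate and key both differ",
			a:           &TLSConfig{CAFile: cafile, CertFile: foocert, KeyFile: fookey},
			b:           &TLSConfig{CAFile: cafile, CertFile: foocert2, KeyFile: fookey2},
			precomputeA: true,
		},
		{
			name:        "certificate differs",
			a:           &TLSConfig{CAFile: cafile, CertFile: foocert, KeyFile: fookey},
			b:           &TLSConfig{CAFile: cafile, CertFile: foocert2, KeyFile: fookey},
			precomputeA: true,
		},
		{
			name:        "key differs",
			a:           &TLSConfig{CAFile: cafile, CertFile: foocert, KeyFile: fookey},
			b:           &TLSConfig{CAFile: cafile, CertFile: foocert, KeyFile: fookey2},
			precomputeA: true,
		},
		{
			name: "empty config versus populated config",
			a:    &TLSConfig{},
			b:    &TLSConfig{CAFile: cafile, CertFile: foocert, KeyFile: fookey2},
		},
		{
			name:    "invalid file returns an error",
			a:       &TLSConfig{CAFile: cafile, CertFile: foocert, KeyFile: fookey2},
			b:       &TLSConfig{CAFile: cafile, CertFile: "invalid_file", KeyFile: fookey2},
			wantErr: true,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			require := require.New(t)

			if tc.precomputeA {
				// Fail fast if the fixture cannot be hashed instead of
				// discarding SetChecksum's error; b is deliberately left
				// without a precomputed checksum.
				require.NoError(tc.a.SetChecksum())
			}

			isEqual, err := tc.a.CertificateInfoIsEqual(tc.b)
			if tc.wantErr {
				require.Error(err)
			} else {
				require.NoError(err)
			}
			// An error must never be accompanied by a "true" result.
			require.False(isEqual)
		})
	}
}

// Certificate info should be equal when the CA file, certificate file, and key
// file all are equal
func TestTLS_CertificateInfoIsEqual_TrueWhenEqual(t *testing.T) {
	require := require.New(t)
	const (
		cafile  = "../../../helper/tlsutil/testdata/ca.pem"
		foocert = "../../../helper/tlsutil/testdata/nomad-foo.pem"
		fookey  = "../../../helper/tlsutil/testdata/nomad-foo-key.pem"
	)
	a := &TLSConfig{
		CAFile:   cafile,
		CertFile: foocert,
		KeyFile:  fookey,
	}
	// Surface a fixture-loading failure here rather than ignoring it.
	require.NoError(a.SetChecksum())

	b := &TLSConfig{
		CAFile:   cafile,
		CertFile: foocert,
		KeyFile:  fookey,
	}
	isEqual, err := a.CertificateInfoIsEqual(b)
	require.NoError(err)
	require.True(isEqual)
}

// TestTLS_Copy checks that a copied config reports the same certificate info
// as the config it was copied from.
//
// NOTE(review): the fixture also sets TLSCipherSuites, TLSMinVersion and
// TLSPreferServerCipherSuites, but only certificate info is asserted here, so
// this test does not show whether Copy carries those settings over.
func TestTLS_Copy(t *testing.T) {
	require := require.New(t)
	const (
		cafile  = "../../../helper/tlsutil/testdata/ca.pem"
		foocert = "../../../helper/tlsutil/testdata/nomad-foo.pem"
		fookey  = "../../../helper/tlsutil/testdata/nomad-foo-key.pem"
	)
	a := &TLSConfig{
		CAFile:                      cafile,
		CertFile:                    foocert,
		KeyFile:                     fookey,
		TLSCipherSuites:             "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
		TLSMinVersion:               "tls12",
		TLSPreferServerCipherSuites: true,
	}
	require.NoError(a.SetChecksum())

	aCopy := a.Copy()
	isEqual, err := a.CertificateInfoIsEqual(aCopy)
	require.NoError(err)
	require.True(isEqual)
}

// GetKeyLoader should always return an initialized KeyLoader for a TLSConfig
// object
func TestTLS_GetKeyloader(t *testing.T) {
	require := require.New(t)
	a := &TLSConfig{}
	require.NotNil(a.GetKeyLoader())
}

// TestTLS_SetChecksum checks that the stored checksum changes when the
// certificate and key files are swapped for a different pair.
func TestTLS_SetChecksum(t *testing.T) {
	require := require.New(t)
	const (
		cafile   = "../../../helper/tlsutil/testdata/ca.pem"
		foocert  = "../../../helper/tlsutil/testdata/nomad-foo.pem"
		fookey   = "../../../helper/tlsutil/testdata/nomad-foo-key.pem"
		foocert2 = "../../../helper/tlsutil/testdata/nomad-bad.pem"
		fookey2  = "../../../helper/tlsutil/testdata/nomad-bad-key.pem"
	)

	a := &TLSConfig{
		CAFile:   cafile,
		CertFile: foocert,
		KeyFile:  fookey,
	}
	// Both checksum computations are asserted so the final comparison is
	// between two checksums that were actually computed.
	require.NoError(a.SetChecksum())
	oldChecksum := a.Checksum

	a.CertFile = foocert2
	a.KeyFile = fookey2

	require.NoError(a.SetChecksum())

	require.NotEqual(oldChecksum, a.Checksum)
}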