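// Copyright 2016 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.

package controller_test

import (
	stdtesting "testing"
	"time"

	"github.com/juju/loggo"
	gitjujutesting "github.com/juju/testing"
	jc "github.com/juju/testing/checkers"
	gc "gopkg.in/check.v1"

	"github.com/juju/juju/cert"
	"github.com/juju/juju/controller"
	"github.com/juju/juju/testing"
)

// Test hands control to gocheck so the suites registered in this package
// run under "go test".
func Test(t *stdtesting.T) {
	gc.TestingT(t)
}

// ConfigSuite covers controller certificate generation and
// controller.Config validation.
type ConfigSuite struct {
	testing.FakeJujuXDGDataHomeSuite
	home string
}

var _ = gc.Suite(&ConfigSuite{})

// SetUpTest prepares the fake XDG data home and resets logger levels
// before each test.
func (s *ConfigSuite) SetUpTest(c *gc.C) {
	s.FakeJujuXDGDataHomeSuite.SetUpTest(c)
	// Make sure that the defaults are used, which
	// is <root>=WARNING
	loggo.DefaultContext().ResetLoggerLevels()
}

// TestGenerateControllerCertAndKey checks that a controller certificate
// issued from the test CA parses together with its key, verifies against
// that CA inside the expected validity window, and carries exactly the
// requested IP subject alternative names.
func (s *ConfigSuite) TestGenerateControllerCertAndKey(c *gc.C) {
	// Seed the fake home with a placeholder SSH public key. This is not a
	// certificate and the content is a dummy value. Keyed fields keep the
	// literal clean under "go vet" (composites check).
	s.FakeHomeSuite.Home.AddFiles(c, gitjujutesting.TestFile{
		Name: ".ssh/id_rsa.pub",
		Data: "rsa\n",
	})

	for i, test := range []struct {
		caCert    string
		caKey     string
		sanValues []string
	}{{
		// No SAN values requested: the certificate must carry no IP SANs.
		caCert: testing.CACert,
		caKey:  testing.CAKey,
	}, {
		caCert:    testing.CACert,
		caKey:     testing.CAKey,
		sanValues: []string{"10.0.0.1", "192.168.1.1"},
	}} {
		// Identify the case in the log so a failure can be attributed.
		c.Logf("test %d: SAN values %v", i, test.sanValues)

		certPEM, keyPEM, err := controller.GenerateControllerCertAndKey(test.caCert, test.caKey, test.sanValues)
		c.Assert(err, jc.ErrorIsNil)

		// The certificate and private key must parse as a pair.
		_, _, err = cert.ParseCertAndKey(certPEM, keyPEM)
		c.Check(err, jc.ErrorIsNil)

		// Take one reference instant, after generation, so the three
		// validity checks below are measured from the same point in time.
		now := time.Now()

		// The checks bracket the lifetime: the certificate verifies now and
		// nine years out, and must be rejected at ten years plus one day.
		err = cert.Verify(certPEM, testing.CACert, now)
		c.Assert(err, jc.ErrorIsNil)
		err = cert.Verify(certPEM, testing.CACert, now.AddDate(9, 0, 0))
		c.Assert(err, jc.ErrorIsNil)
		err = cert.Verify(certPEM, testing.CACert, now.AddDate(10, 0, 1))
		c.Assert(err, gc.NotNil)

		// NOTE(review): only the issuing CA is exercised here. A negative
		// case (verification against an unrelated CA must fail) would also
		// pin the chain check; nothing in this file covers it.

		// The IP SANs in the issued certificate must match the request,
		// in any order.
		srvCert, err := cert.ParseCert(certPEM)
		c.Assert(err, jc.ErrorIsNil)
		sanIPs := make([]string, len(srvCert.IPAddresses))
		for j, ip := range srvCert.IPAddresses {
			sanIPs[j] = ip.String()
		}
		c.Assert(sanIPs, jc.SameContents, test.sanValues)
	}
}

// validateTests drives TestValidate. expectError is a regular expression
// matched against the error from Config.Validate; an empty expectError
// means validation must succeed.
var validateTests = []struct {
	about       string
	config      controller.Config
	expectError string
}{{
	about:       "missing CA cert",
	expectError: `missing CA certificate`,
}, {
	about: "bad CA cert",
	config: controller.Config{
		controller.CACertKey: "xxx",
	},
	expectError: `bad CA certificate in configuration: no certificates found`,
}, {
	about: "bad controller UUID",
	config: controller.Config{
		controller.ControllerUUIDKey: "xxx",
		controller.CACertKey:         testing.CACert,
	},
	expectError: `controller-uuid: expected UUID, got string\("xxx"\)`,
}, {
	about: "HTTPS identity URL OK",
	config: controller.Config{
		controller.IdentityURL: "https://0.1.2.3/foo",
		controller.CACertKey:   testing.CACert,
	},
}, {
	// A plain-HTTP identity URL is rejected when no identity public key
	// is configured.
	// NOTE(review): presumably the key would otherwise have to be obtained
	// over that URL, so transport security is required - confirm against
	// controller.Config.Validate.
	about: "HTTP identity URL requires public key",
	config: controller.Config{
		controller.IdentityURL: "http://0.1.2.3/foo",
		controller.CACertKey:   testing.CACert,
	},
	expectError: `URL needs to be https when identity-public-key not provided`,
}, {
	// With the identity public key supplied in the config, a plain-HTTP
	// identity URL passes validation.
	about: "HTTP identity URL OK if public key is provided",
	config: controller.Config{
		controller.IdentityPublicKey: `o/yOqSNWncMo1GURWuez/dGR30TscmmuIxgjztpoHEY=`,
		controller.IdentityURL:       "http://0.1.2.3/foo",
		controller.CACertKey:         testing.CACert,
	},
}, {
	// Four base64 characters decode to three bytes, which is the length
	// reported in the expected error (the key must be 32 bytes).
	about: "invalid identity public key",
	config: controller.Config{
		controller.IdentityPublicKey: `xxxx`,
		controller.CACertKey:         testing.CACert,
	},
	expectError: `invalid identity public key: wrong length for base64 key, got 3 want 32`,
}}

// TestValidate runs Config.Validate over every entry in validateTests and
// checks the outcome against the entry's expectError.
func (s *ConfigSuite) TestValidate(c *gc.C) {
	for i, test := range validateTests {
		c.Logf("test %d: %v", i, test.about)
		err := test.config.Validate()
		if test.expectError == "" {
			c.Assert(err, jc.ErrorIsNil)
			continue
		}
		c.Assert(err, gc.ErrorMatches, test.expectError)
	}
}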