google.golang.org/grpc@v1.74.2/credentials/tls/certprovider/pemfile/builder_test.go

google.golang.org/grpc@v1.74.2/credentials/tls/certprovider/pemfile/builder_test.go (about)

     1  /*
     2   *
     3   * Copyright 2020 gRPC authors.
     4   *
     5   * Licensed under the Apache License, Version 2.0 (the "License");
     6   * you may not use this file except in compliance with the License.
     7   * You may obtain a copy of the License at
     8   *
     9   *     http://www.apache.org/licenses/LICENSE-2.0
    10   *
    11   * Unless required by applicable law or agreed to in writing, software
    12   * distributed under the License is distributed on an "AS IS" BASIS,
    13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14   * See the License for the specific language governing permissions and
    15   * limitations under the License.
    16   *
    17   */
    18  
    19  package pemfile
    20  
    21  import (
    22  	"encoding/json"
    23  	"testing"
    24  
    25  	"google.golang.org/grpc/internal/envconfig"
    26  	"google.golang.org/grpc/internal/testutils"
    27  )
    28  
    29  func TestParseConfig(t *testing.T) {
    30  	tests := []struct {
    31  		desc          string
    32  		input         any
    33  		wantOutput    string
    34  		wantErr       bool
    35  		enabledSpiffe bool
    36  	}{
    37  		{
    38  			desc:    "non JSON input",
    39  			input:   new(int),
    40  			wantErr: true,
    41  		},
    42  		{
    43  			desc:    "invalid JSON",
    44  			input:   json.RawMessage(`bad bad json`),
    45  			wantErr: true,
    46  		},
    47  		{
    48  			desc:    "JSON input does not match expected",
    49  			input:   json.RawMessage(`["foo": "bar"]`),
    50  			wantErr: true,
    51  		},
    52  		{
    53  			desc:    "no credential files",
    54  			input:   json.RawMessage(`{}`),
    55  			wantErr: true,
    56  		},
    57  		{
    58  			desc: "only cert file",
    59  			input: json.RawMessage(`
    60  			{
    61  				"certificate_file": "/a/b/cert.pem"
    62  			}`),
    63  			wantErr: true,
    64  		},
    65  		{
    66  			desc: "only key file",
    67  			input: json.RawMessage(`
    68  			{
    69  				"private_key_file": "/a/b/key.pem"
    70  			}`),
    71  			wantErr: true,
    72  		},
    73  		{
    74  			desc: "cert and key in different directories",
    75  			input: json.RawMessage(`
    76  			{
    77  				"certificate_file": "/b/a/cert.pem",
    78  				"private_key_file": "/a/b/key.pem"
    79  			}`),
    80  			wantErr: true,
    81  		},
    82  		{
    83  			desc: "bad refresh duration",
    84  			input: json.RawMessage(`
    85  			{
    86  				"certificate_file":   "/a/b/cert.pem",
    87  				"private_key_file":    "/a/b/key.pem",
    88  				"ca_certificate_file": "/a/b/ca.pem",
    89  				"refresh_interval":   "duration"
    90  			}`),
    91  			wantErr: true,
    92  		},
    93  		{
    94  			desc: "good config with default refresh interval",
    95  			input: json.RawMessage(`
    96  			{
    97  				"certificate_file":   "/a/b/cert.pem",
    98  				"private_key_file":    "/a/b/key.pem",
    99  				"ca_certificate_file": "/a/b/ca.pem"
   100  			}`),
   101  			wantOutput: "file_watcher:/a/b/cert.pem:/a/b/key.pem:/a/b/ca.pem::10m0s",
   102  		},
   103  		{
   104  			desc: "good config",
   105  			input: json.RawMessage(`
   106  			{
   107  				"certificate_file":   "/a/b/cert.pem",
   108  				"private_key_file":    "/a/b/key.pem",
   109  				"ca_certificate_file": "/a/b/ca.pem",
   110  				"refresh_interval":   "200s"
   111  			}`),
   112  			wantOutput: "file_watcher:/a/b/cert.pem:/a/b/key.pem:/a/b/ca.pem::3m20s",
   113  		},
   114  		{
   115  			desc: "good config with spiffe disabled",
   116  			input: json.RawMessage(`
   117  			{
   118  				"certificate_file":   "/a/b/cert.pem",
   119  				"private_key_file":    "/a/b/key.pem",
   120  				"ca_certificate_file": "/a/b/ca.pem",
   121  				"spiffe_trust_bundle_map_file": "/a/b/spiffe_bundle.json",
   122  				"refresh_interval":   "200s"
   123  			}`),
   124  			wantOutput: "file_watcher:/a/b/cert.pem:/a/b/key.pem:/a/b/ca.pem::3m20s",
   125  		},
   126  		{
   127  			desc: "good config with spiffe enabled",
   128  			input: json.RawMessage(`
   129  			{
   130  				"certificate_file":   "/a/b/cert.pem",
   131  				"private_key_file":    "/a/b/key.pem",
   132  				"ca_certificate_file": "/a/b/ca.pem",
   133  				"spiffe_trust_bundle_map_file": "/a/b/spiffe_bundle.json",
   134  				"refresh_interval":   "200s"
   135  			}`),
   136  			wantOutput:    "file_watcher:/a/b/cert.pem:/a/b/key.pem:/a/b/ca.pem:/a/b/spiffe_bundle.json:3m20s",
   137  			enabledSpiffe: true,
   138  		},
   139  	}
   140  
   141  	for _, test := range tests {
   142  		t.Run(test.desc, func(t *testing.T) {
   143  			if test.enabledSpiffe {
   144  				testutils.SetEnvConfig(t, &envconfig.XDSSPIFFEEnabled, true)
   145  			}
   146  			builder := &pluginBuilder{}
   147  
   148  			bc, err := builder.ParseConfig(test.input)
   149  			if (err != nil) != test.wantErr {
   150  				t.Fatalf("ParseConfig(%+v) failed: %v", test.input, err)
   151  			}
   152  			if test.wantErr {
   153  				return
   154  			}
   155  
   156  			gotConfig := bc.String()
   157  			if gotConfig != test.wantOutput {
   158  				t.Fatalf("ParseConfig(%v) = %s, want %s", test.input, gotConfig, test.wantOutput)
   159  			}
   160  		})
   161  	}
   162  }