istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/networking/plugin/authn/util_test.go

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/networking/plugin/authn/util_test.go (about)

     1  // Copyright Istio Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package authn
    16  
    17  import (
    18  	"reflect"
    19  	"testing"
    20  
    21  	meshconfig "istio.io/api/mesh/v1alpha1"
    22  )
    23  
    24  func TestTrustDomainsForValidation(t *testing.T) {
    25  	tests := []struct {
    26  		name       string
    27  		meshConfig *meshconfig.MeshConfig
    28  		want       []string
    29  	}{
    30  		{
    31  			name: "No duplicated trust domain in mesh config",
    32  			meshConfig: &meshconfig.MeshConfig{
    33  				TrustDomain:        "cluster.local",
    34  				TrustDomainAliases: []string{"alias-1.domain", "some-other-alias-1.domain", "alias-2.domain"},
    35  			},
    36  			want: []string{"cluster.local", "alias-1.domain", "some-other-alias-1.domain", "alias-2.domain"},
    37  		},
    38  		{
    39  			name:       "Empty mesh config",
    40  			meshConfig: &meshconfig.MeshConfig{},
    41  			want:       []string{},
    42  		},
    43  		{
    44  			name: "Sequential duplicated trust domains in mesh config",
    45  			meshConfig: &meshconfig.MeshConfig{
    46  				TrustDomain: "cluster.local",
    47  				TrustDomainAliases: []string{
    48  					"alias-1.domain", "alias-1.domain", "some-other-alias-1.domain", "alias-2.domain", "alias-2.domain",
    49  				},
    50  			},
    51  			want: []string{"cluster.local", "alias-1.domain", "some-other-alias-1.domain", "alias-2.domain"},
    52  		},
    53  		{
    54  			name: "Mixed duplicated trust domains in mesh config",
    55  			meshConfig: &meshconfig.MeshConfig{
    56  				TrustDomain: "cluster.local",
    57  				TrustDomainAliases: []string{
    58  					"alias-1.domain", "cluster.local", "alias-2.domain", "some-other-alias-1.domain", "alias-2.domain", "alias-1.domain",
    59  				},
    60  			},
    61  			want: []string{"cluster.local", "alias-1.domain", "alias-2.domain", "some-other-alias-1.domain"},
    62  		},
    63  		{
    64  			name: "Extra trust domains in mesh config caCertificates",
    65  			meshConfig: &meshconfig.MeshConfig{
    66  				TrustDomain: "cluster.local",
    67  				CaCertificates: []*meshconfig.MeshConfig_CertificateData{
    68  					{
    69  						TrustDomains: []string{
    70  							"external-1.domain",
    71  						},
    72  					},
    73  					{
    74  						TrustDomains: []string{
    75  							"external-2.domain",
    76  							"external-3.domain",
    77  						},
    78  					},
    79  				},
    80  			},
    81  			want: []string{"cluster.local", "external-1.domain", "external-2.domain", "external-3.domain"},
    82  		},
    83  	}
    84  	for _, tt := range tests {
    85  		t.Run(tt.name, func(t *testing.T) {
    86  			if got := TrustDomainsForValidation(tt.meshConfig); !reflect.DeepEqual(got, tt.want) {
    87  				t.Errorf("trustDomainsForValidation() = %#v, want %#v", got, tt.want)
    88  			}
    89  		})
    90  	}
    91  }