ContainerImage.Pinniped/internal/clientcertissuer/issuer_test.go

170 lines
5.3 KiB
Go
Raw Permalink Normal View History

2023-06-07 23:08:33 +00:00
// Copyright 2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package clientcertissuer
2023-06-07 23:08:33 +00:00
import (
"errors"
"testing"
"time"
"github.com/golang/mock/gomock"
"github.com/stretchr/testify/require"
2023-07-07 16:52:32 +00:00
2023-06-07 23:08:33 +00:00
"go.pinniped.dev/internal/mocks/issuermocks"
)
func TestName(t *testing.T) {
ctrl := gomock.NewController(t)
tests := []struct {
name string
buildIssuerMocks func() ClientCertIssuers
want string
}{
{
name: "empty issuers",
buildIssuerMocks: func() ClientCertIssuers { return ClientCertIssuers{} },
want: "empty-client-cert-issuers",
},
{
name: "foo issuer",
buildIssuerMocks: func() ClientCertIssuers {
fooClientCertIssuer := issuermocks.NewMockClientCertIssuer(ctrl)
fooClientCertIssuer.EXPECT().Name().Return("foo")
return ClientCertIssuers{fooClientCertIssuer}
},
want: "foo",
},
{
name: "foo and bar issuers",
buildIssuerMocks: func() ClientCertIssuers {
fooClientCertIssuer := issuermocks.NewMockClientCertIssuer(ctrl)
fooClientCertIssuer.EXPECT().Name().Return("foo")
barClientCertIssuer := issuermocks.NewMockClientCertIssuer(ctrl)
barClientCertIssuer.EXPECT().Name().Return("bar")
return ClientCertIssuers{fooClientCertIssuer, barClientCertIssuer}
},
want: "foo,bar",
},
}
for _, tTemp := range tests {
testcase := tTemp
t.Run(testcase.name, func(t *testing.T) {
t.Parallel()
name := testcase.buildIssuerMocks().Name()
require.Equal(t, testcase.want, name)
})
}
}
func TestIssueClientCertPEM(t *testing.T) {
ctrl := gomock.NewController(t)
tests := []struct {
name string
buildIssuerMocks func() ClientCertIssuers
wantErrorMessage string
wantCert []byte
wantKey []byte
}{
{
name: "empty issuers",
buildIssuerMocks: func() ClientCertIssuers { return ClientCertIssuers{} },
wantErrorMessage: "failed to issue cert",
},
{
name: "issuers with error",
buildIssuerMocks: func() ClientCertIssuers {
errClientCertIssuer := issuermocks.NewMockClientCertIssuer(ctrl)
errClientCertIssuer.EXPECT().Name().Return("error cert issuer")
errClientCertIssuer.EXPECT().
IssueClientCertPEM("username", []string{"group1", "group2"}, 32*time.Second).
Return(nil, nil, errors.New("error from wrapped cert issuer"))
return ClientCertIssuers{errClientCertIssuer}
},
wantErrorMessage: "error cert issuer failed to issue client cert: error from wrapped cert issuer",
},
{
name: "valid issuer",
buildIssuerMocks: func() ClientCertIssuers {
validClientCertIssuer := issuermocks.NewMockClientCertIssuer(ctrl)
validClientCertIssuer.EXPECT().
IssueClientCertPEM("username", []string{"group1", "group2"}, 32*time.Second).
Return([]byte("cert"), []byte("key"), nil)
return ClientCertIssuers{validClientCertIssuer}
},
wantCert: []byte("cert"),
wantKey: []byte("key"),
},
{
name: "fallthrough issuer",
buildIssuerMocks: func() ClientCertIssuers {
errClientCertIssuer := issuermocks.NewMockClientCertIssuer(ctrl)
errClientCertIssuer.EXPECT().Name().Return("error cert issuer")
errClientCertIssuer.EXPECT().
IssueClientCertPEM("username", []string{"group1", "group2"}, 32*time.Second).
Return(nil, nil, errors.New("error from wrapped cert issuer"))
validClientCertIssuer := issuermocks.NewMockClientCertIssuer(ctrl)
validClientCertIssuer.EXPECT().
IssueClientCertPEM("username", []string{"group1", "group2"}, 32*time.Second).
Return([]byte("cert"), []byte("key"), nil)
return ClientCertIssuers{
errClientCertIssuer,
validClientCertIssuer,
}
},
wantCert: []byte("cert"),
wantKey: []byte("key"),
},
{
name: "multiple error issuers",
buildIssuerMocks: func() ClientCertIssuers {
err1ClientCertIssuer := issuermocks.NewMockClientCertIssuer(ctrl)
err1ClientCertIssuer.EXPECT().Name().Return("error1 cert issuer")
err1ClientCertIssuer.EXPECT().
IssueClientCertPEM("username", []string{"group1", "group2"}, 32*time.Second).
Return(nil, nil, errors.New("error1 from wrapped cert issuer"))
err2ClientCertIssuer := issuermocks.NewMockClientCertIssuer(ctrl)
err2ClientCertIssuer.EXPECT().Name().Return("error2 cert issuer")
err2ClientCertIssuer.EXPECT().
IssueClientCertPEM("username", []string{"group1", "group2"}, 32*time.Second).
Return(nil, nil, errors.New("error2 from wrapped cert issuer"))
return ClientCertIssuers{
err1ClientCertIssuer,
err2ClientCertIssuer,
}
},
wantErrorMessage: "[error1 cert issuer failed to issue client cert: error1 from wrapped cert issuer, error2 cert issuer failed to issue client cert: error2 from wrapped cert issuer]",
},
}
for _, tTemp := range tests {
testcase := tTemp
t.Run(testcase.name, func(t *testing.T) {
t.Parallel()
certPEM, keyPEM, err := testcase.buildIssuerMocks().
IssueClientCertPEM("username", []string{"group1", "group2"}, 32*time.Second)
if testcase.wantErrorMessage != "" {
require.ErrorContains(t, err, testcase.wantErrorMessage)
require.Empty(t, certPEM)
require.Empty(t, keyPEM)
} else {
require.NoError(t, err)
require.Equal(t, testcase.wantCert, certPEM)
require.Equal(t, testcase.wantKey, keyPEM)
}
})
}
}