deb.open-vault/api/ssh_agent_test.go

113 lines
2.8 KiB
Go
Raw Normal View History

2024-04-20 12:23:50 +00:00
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
"fmt"
"net/http"
"strings"
"testing"
)
func TestSSH_CreateTLSClient(t *testing.T) {
// load the default configuration
config, err := LoadSSHHelperConfig("./test-fixtures/agent_config.hcl")
if err != nil {
panic(fmt.Sprintf("error loading agent's config file: %s", err))
}
client, err := config.NewClient()
if err != nil {
panic(fmt.Sprintf("error creating the client: %s", err))
}
// Provide a certificate and enforce setting of transport
config.CACert = "./test-fixtures/vault.crt"
client, err = config.NewClient()
if err != nil {
panic(fmt.Sprintf("error creating the client: %s", err))
}
if client.config.HttpClient.Transport == nil {
panic(fmt.Sprintf("error creating client with TLS transport"))
}
}
func TestSSH_CreateTLSClient_tlsServerName(t *testing.T) {
// Ensure that the HTTP client is associated with the configured TLS server name.
tlsServerName := "tls.server.name"
config, err := ParseSSHHelperConfig(fmt.Sprintf(`
vault_addr = "1.2.3.4"
tls_server_name = "%s"
`, tlsServerName))
if err != nil {
panic(fmt.Sprintf("error loading config: %s", err))
}
client, err := config.NewClient()
if err != nil {
panic(fmt.Sprintf("error creating the client: %s", err))
}
actualTLSServerName := client.config.HttpClient.Transport.(*http.Transport).TLSClientConfig.ServerName
if actualTLSServerName != tlsServerName {
panic(fmt.Sprintf("incorrect TLS server name. expected: %s actual: %s", tlsServerName, actualTLSServerName))
}
}
func TestParseSSHHelperConfig(t *testing.T) {
config, err := ParseSSHHelperConfig(`
vault_addr = "1.2.3.4"
`)
if err != nil {
t.Fatal(err)
}
if config.SSHMountPoint != SSHHelperDefaultMountPoint {
t.Errorf("expected %q to be %q", config.SSHMountPoint, SSHHelperDefaultMountPoint)
}
}
func TestParseSSHHelperConfig_missingVaultAddr(t *testing.T) {
_, err := ParseSSHHelperConfig("")
if err == nil {
t.Fatal("expected error")
}
if !strings.Contains(err.Error(), `missing config "vault_addr"`) {
t.Errorf("bad error: %s", err)
}
}
func TestParseSSHHelperConfig_badKeys(t *testing.T) {
_, err := ParseSSHHelperConfig(`
vault_addr = "1.2.3.4"
nope = "bad"
`)
if err == nil {
t.Fatal("expected error")
}
if !strings.Contains(err.Error(), `ssh_helper: invalid key "nope" on line 3`) {
t.Errorf("bad error: %s", err)
}
}
func TestParseSSHHelperConfig_tlsServerName(t *testing.T) {
tlsServerName := "tls.server.name"
config, err := ParseSSHHelperConfig(fmt.Sprintf(`
vault_addr = "1.2.3.4"
tls_server_name = "%s"
`, tlsServerName))
if err != nil {
t.Fatal(err)
}
if config.TLSServerName != tlsServerName {
t.Errorf("incorrect TLS server name. expected: %s actual: %s", tlsServerName, config.TLSServerName)
}
}