From ad16cc2682d37e864d6026de2faf09d81fc9207d Mon Sep 17 00:00:00 2001
From: Matt Keeler
Date: Wed, 23 Jan 2019 15:48:57 -0500
Subject: [PATCH] Basic TLS Command Tests (#5259)
* Add tls ca create tests
* Add a basic tls cert create test
---
 command/tls/ca/create/tls_ca_create_test.go | 89 +++++++++++++++++++
 .../tls/cert/create/tls_cert_create_test.go | 72 +++++++++++++++
 2 files changed, 161 insertions(+)
diff --git a/command/tls/ca/create/tls_ca_create_test.go b/command/tls/ca/create/tls_ca_create_test.go
index f1f96e891..14a871d2f 100644
--- a/command/tls/ca/create/tls_ca_create_test.go
+++ b/command/tls/ca/create/tls_ca_create_test.go
@@ -1,8 +1,17 @@
 package create
 
 import (
+ "io/ioutil"
+ "os"
+ "path"
 "strings"
 "testing"
+ "time"
+
+ "github.com/hashicorp/consul/agent/connect"
+ "github.com/hashicorp/consul/testutil"
+ "github.com/mitchellh/cli"
+ "github.com/stretchr/testify/require"
 )
 
 func TestValidateCommand_noTabs(t *testing.T) {
@@ -11,3 +20,83 @@ func TestValidateCommand_noTabs(t *testing.T) {
 t.Fatal("help has tabs")
 }
 }
+
+func TestCACreateCommand(t *testing.T) {
+ require := require.New(t)
+
+ previousDirectory, err := os.Getwd()
+ require.NoError(err)
+
+ testDir := testutil.TempDir(t, "ca-create")
+
+ defer os.RemoveAll(testDir)
+ defer os.Chdir(previousDirectory)
+
+ os.Chdir(testDir)
+
+ ui := cli.NewMockUi()
+ cmd := New(ui)
+
+ require.Equal(0, cmd.Run(nil), "ca create should exit 0")
+
+ errOutput := ui.ErrorWriter.String()
+ require.Equal("", errOutput)
+
+ caPem := path.Join(testDir, "consul-agent-ca.pem")
+ require.FileExists(caPem)
+
+ certData, err := ioutil.ReadFile(caPem)
+ require.NoError(err)
+
+ cert, err := connect.ParseCert(string(certData))
+ require.NoError(err)
+ require.NotNil(cert)
+
+ require.Equal(1825*24*time.Hour, time.Until(cert.NotAfter).Round(24*time.Hour))
+ require.False(cert.PermittedDNSDomainsCritical)
+ require.Len(cert.PermittedDNSDomains, 0)
+}
+
+func TestCACreateCommandWithOptions(t *testing.T) {
+ require := require.New(t)
+
+ previousDirectory, err := os.Getwd()
+ require.NoError(err)
+
+ testDir := testutil.TempDir(t, "ca-create")
+
+ defer os.RemoveAll(testDir)
+ defer os.Chdir(previousDirectory)
+
+ os.Chdir(testDir)
+
+ ui := cli.NewMockUi()
+ cmd := New(ui)
+
+ args := []string{
+ "-days=365",
+ "-name-constraint=true",
+ "-domain=foo",
+ "-additional-name-constraint=bar",
+ }
+
+ require.Equal(0, cmd.Run(args), "ca create should exit 0")
+
+ errOutput := ui.ErrorWriter.String()
+ require.Equal("", errOutput)
+
+ caPem := path.Join(testDir, "foo-agent-ca.pem")
+ require.FileExists(caPem)
+
+ certData, err := ioutil.ReadFile(caPem)
+ require.NoError(err)
+
+ cert, err := connect.ParseCert(string(certData))
+ require.NoError(err)
+ require.NotNil(cert)
+
+ require.Equal(365*24*time.Hour, time.Until(cert.NotAfter).Round(24*time.Hour))
+ require.True(cert.PermittedDNSDomainsCritical)
+ require.Len(cert.PermittedDNSDomains, 3)
+ require.ElementsMatch(cert.PermittedDNSDomains, []string{"foo", "localhost", "bar"})
+}
diff --git a/command/tls/cert/create/tls_cert_create_test.go b/command/tls/cert/create/tls_cert_create_test.go
index f1f96e891..667518dd1 100644
--- a/command/tls/cert/create/tls_cert_create_test.go
+++ b/command/tls/cert/create/tls_cert_create_test.go
@@ -1,8 +1,18 @@
 package create
 
 import (
+ "io/ioutil"
+ "os"
+ "path"
 "strings"
 "testing"
+
+ "github.com/hashicorp/consul/agent/connect"
+ "github.com/hashicorp/consul/testutil"
+ "github.com/mitchellh/cli"
+ "github.com/stretchr/testify/require"
+
+ "github.com/hashicorp/consul/command/tls/ca/create"
 )
 
 func TestValidateCommand_noTabs(t *testing.T) {
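Review bot: The return value of `os.Chdir(testDir)` is discarded in TestCACreateCommand and TestCACreateCommandWithOptions, and again in TestTlsCertCreateCommand_fileCreate in tls_cert_create_test.go. If the directory change fails, the command writes its CA certificate, and whatever key file it emits, into the package's working directory instead of the temp dir, where `os.RemoveAll(testDir)` will not clean it up. Make it `require.NoError(os.Chdir(testDir))` so the test stops before `cmd.Run`. The two CA tests also assert nothing about the CA private key output, neither that the file exists nor its permission bits; an `os.Stat` check on the key path against the mode the command is meant to use would cover that (the key filename is not visible in this patch).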
@@ -11,3 +21,65 @@ func TestValidateCommand_noTabs(t *testing.T) {
 t.Fatal("help has tabs")
 }
 }
+
+func TestTlsCertCreateCommand_fileCreate(t *testing.T) {
+ require := require.New(t)
+
+ previousDirectory, err := os.Getwd()
+ require.NoError(err)
+
+ testDir := testutil.TempDir(t, "tls")
+ defer os.RemoveAll(testDir)
+ defer os.Chdir(previousDirectory)
+
+ os.Chdir(testDir)
+
+ ui := cli.NewMockUi()
+ cmd := New(ui)
+
+ // Setup CA keys
+ createCA(t, "consul")
+
+ caPath := path.Join(testDir, "consul-agent-ca.pem")
+ require.FileExists(caPath)
+
+ args := []string{
+ "-server",
+ }
+
+ require.Equal(0, cmd.Run(args))
+ require.Equal("", ui.ErrorWriter.String())
+
+ certPath := path.Join(testDir, "dc1-server-consul-0.pem")
+ keyPath := path.Join(testDir, "dc1-server-consul-0-key.pem")
+
+ require.FileExists(certPath)
+ require.FileExists(keyPath)
+
+ certData, err := ioutil.ReadFile(certPath)
+ require.NoError(err)
+ keyData, err := ioutil.ReadFile(keyPath)
+ require.NoError(err)
+
+ cert, err := connect.ParseCert(string(certData))
+ require.NoError(err)
+ require.NotNil(cert)
+
+ signer, err := connect.ParseSigner(string(keyData))
+ require.NoError(err)
+ require.NotNil(signer)
+
+ // TODO - maybe we should validate some certs here.
+}
+
+func createCA(t *testing.T, domain string) {
+ ui := cli.NewMockUi()
+ caCmd := create.New(ui)
+
+ args := []string{
+ "-domain=" + domain,
+ }
+
+ require.Equal(t, 0, caCmd.Run(args))
+ require.Equal(t, "", ui.ErrorWriter.String())
+}
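Review bot: TestTlsCertCreateCommand_fileCreate proves only that the certificate and key parse; nothing ties the leaf to the CA that `createCA` wrote or to its own key, which is what the trailing TODO leaves open. A command that signed with the wrong key, or paired the certificate with an unrelated private key, would still pass. I would replace the TODO with a chain check against `caPath` (sketch below; it needs `crypto/x509` in the import block and assumes `connect.ParseCert` returns `*x509.Certificate`, as the field accesses in the CA test suggest), and also compare `signer.Public()` with `cert.PublicKey`. The server-auth key usage in the sketch is what a `-server` certificate would be expected to carry; adjust it if the command sets something else. An `os.Stat` assertion on `keyPath` for the intended file mode would round this out.

```go
	// … unchanged: cert and signer parsing …

	caData, err := ioutil.ReadFile(caPath)
	require.NoError(err)
	roots := x509.NewCertPool()
	require.True(roots.AppendCertsFromPEM(caData))

	_, err = cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	require.NoError(err)
```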