Basic TLS Command Tests (#5259)
* Add tls ca create tests * Add a basic tls cert create test
parent
736a974494
commit
ad16cc2682
|
@ -1,8 +1,17 @@
|
|||
package create
|
||||
|
||||
import (
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/consul/agent/connect"
|
||||
"github.com/hashicorp/consul/testutil"
|
||||
"github.com/mitchellh/cli"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestValidateCommand_noTabs(t *testing.T) {
|
||||
|
@ -11,3 +20,83 @@ func TestValidateCommand_noTabs(t *testing.T) {
|
|||
t.Fatal("help has tabs")
|
||||
}
|
||||
}
|
||||
|
||||
func TestCACreateCommand(t *testing.T) {
|
||||
require := require.New(t)
|
||||
|
||||
previousDirectory, err := os.Getwd()
|
||||
require.NoError(err)
|
||||
|
||||
testDir := testutil.TempDir(t, "ca-create")
|
||||
|
||||
defer os.RemoveAll(testDir)
|
||||
defer os.Chdir(previousDirectory)
|
||||
|
||||
os.Chdir(testDir)
|
||||
|
||||
ui := cli.NewMockUi()
|
||||
cmd := New(ui)
|
||||
|
||||
require.Equal(0, cmd.Run(nil), "ca create should exit 0")
|
||||
|
||||
errOutput := ui.ErrorWriter.String()
|
||||
require.Equal("", errOutput)
|
||||
|
||||
caPem := path.Join(testDir, "consul-agent-ca.pem")
|
||||
require.FileExists(caPem)
|
||||
|
||||
certData, err := ioutil.ReadFile(caPem)
|
||||
require.NoError(err)
|
||||
|
||||
cert, err := connect.ParseCert(string(certData))
|
||||
require.NoError(err)
|
||||
require.NotNil(cert)
|
||||
|
||||
require.Equal(1825*24*time.Hour, time.Until(cert.NotAfter).Round(24*time.Hour))
|
||||
require.False(cert.PermittedDNSDomainsCritical)
|
||||
require.Len(cert.PermittedDNSDomains, 0)
|
||||
}
|
||||
|
||||
func TestCACreateCommandWithOptions(t *testing.T) {
|
||||
require := require.New(t)
|
||||
|
||||
previousDirectory, err := os.Getwd()
|
||||
require.NoError(err)
|
||||
|
||||
testDir := testutil.TempDir(t, "ca-create")
|
||||
|
||||
defer os.RemoveAll(testDir)
|
||||
defer os.Chdir(previousDirectory)
|
||||
|
||||
os.Chdir(testDir)
|
||||
|
||||
ui := cli.NewMockUi()
|
||||
cmd := New(ui)
|
||||
|
||||
args := []string{
|
||||
"-days=365",
|
||||
"-name-constraint=true",
|
||||
"-domain=foo",
|
||||
"-additional-name-constraint=bar",
|
||||
}
|
||||
|
||||
require.Equal(0, cmd.Run(args), "ca create should exit 0")
|
||||
|
||||
errOutput := ui.ErrorWriter.String()
|
||||
require.Equal("", errOutput)
|
||||
|
||||
caPem := path.Join(testDir, "foo-agent-ca.pem")
|
||||
require.FileExists(caPem)
|
||||
|
||||
certData, err := ioutil.ReadFile(caPem)
|
||||
require.NoError(err)
|
||||
|
||||
cert, err := connect.ParseCert(string(certData))
|
||||
require.NoError(err)
|
||||
require.NotNil(cert)
|
||||
|
||||
require.Equal(365*24*time.Hour, time.Until(cert.NotAfter).Round(24*time.Hour))
|
||||
require.True(cert.PermittedDNSDomainsCritical)
|
||||
require.Len(cert.PermittedDNSDomains, 3)
|
||||
require.ElementsMatch(cert.PermittedDNSDomains, []string{"foo", "localhost", "bar"})
|
||||
}
|
||||
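Review bot: Neither TestCACreateCommand nor TestCACreateCommandWithOptions asserts that the generated certificate is actually a CA; they check only the expiry and the DNS name constraints, so a regression that produced a certificate unable to sign would still pass. Assuming `cert` is an `*x509.Certificate`, as the fields used here suggest, add `require.True(cert.BasicConstraintsValid)`, `require.True(cert.IsCA)` and `require.NotZero(cert.KeyUsage & x509.KeyUsageCertSign)` after the `NotNil` check (this needs a `crypto/x509` import). Separately, `os.Chdir(testDir)` discards its error in both tests here and in TestTlsCertCreateCommand_fileCreate in the other test file. If the chdir fails, the command writes its output into the directory the test started in, which `os.RemoveAll(testDir)` never cleans; `require.NoError(os.Chdir(testDir))` closes that gap.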
|
|
|
@ -1,8 +1,18 @@
|
|||
package create
|
||||
|
||||
import (
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/hashicorp/consul/agent/connect"
|
||||
"github.com/hashicorp/consul/testutil"
|
||||
"github.com/mitchellh/cli"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/hashicorp/consul/command/tls/ca/create"
|
||||
)
|
||||
|
||||
func TestValidateCommand_noTabs(t *testing.T) {
|
||||
|
@ -11,3 +21,65 @@ func TestValidateCommand_noTabs(t *testing.T) {
|
|||
t.Fatal("help has tabs")
|
||||
}
|
||||
}
|
||||
|
||||
func TestTlsCertCreateCommand_fileCreate(t *testing.T) {
|
||||
require := require.New(t)
|
||||
|
||||
previousDirectory, err := os.Getwd()
|
||||
require.NoError(err)
|
||||
|
||||
testDir := testutil.TempDir(t, "tls")
|
||||
defer os.RemoveAll(testDir)
|
||||
defer os.Chdir(previousDirectory)
|
||||
|
||||
os.Chdir(testDir)
|
||||
|
||||
ui := cli.NewMockUi()
|
||||
cmd := New(ui)
|
||||
|
||||
// Setup CA keys
|
||||
createCA(t, "consul")
|
||||
|
||||
caPath := path.Join(testDir, "consul-agent-ca.pem")
|
||||
require.FileExists(caPath)
|
||||
|
||||
args := []string{
|
||||
"-server",
|
||||
}
|
||||
|
||||
require.Equal(0, cmd.Run(args))
|
||||
require.Equal("", ui.ErrorWriter.String())
|
||||
|
||||
certPath := path.Join(testDir, "dc1-server-consul-0.pem")
|
||||
keyPath := path.Join(testDir, "dc1-server-consul-0-key.pem")
|
||||
|
||||
require.FileExists(certPath)
|
||||
require.FileExists(keyPath)
|
||||
|
||||
certData, err := ioutil.ReadFile(certPath)
|
||||
require.NoError(err)
|
||||
keyData, err := ioutil.ReadFile(keyPath)
|
||||
require.NoError(err)
|
||||
|
||||
cert, err := connect.ParseCert(string(certData))
|
||||
require.NoError(err)
|
||||
require.NotNil(cert)
|
||||
|
||||
signer, err := connect.ParseSigner(string(keyData))
|
||||
require.NoError(err)
|
||||
require.NotNil(signer)
|
||||
|
||||
// TODO - maybe we should validate some certs here.
|
||||
}
|
||||
|
||||
func createCA(t *testing.T, domain string) {
|
||||
ui := cli.NewMockUi()
|
||||
caCmd := create.New(ui)
|
||||
|
||||
args := []string{
|
||||
"-domain=" + domain,
|
||||
}
|
||||
|
||||
require.Equal(t, 0, caCmd.Run(args))
|
||||
require.Equal(t, "", ui.ErrorWriter.String())
|
||||
}
|
||||
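Review bot: TestTlsCertCreateCommand_fileCreate parses the certificate and the key independently but never checks that they belong together or that the certificate chains to the CA written by `createCA`, which is the gap the trailing TODO acknowledges. The test would still pass if the command emitted a self-signed certificate or paired it with the wrong key. The checks below replace the TODO using only `certData`, `keyData` and `caPath`, which are already in scope; they need `crypto/tls` and `crypto/x509` imported and assume `cert` is an `*x509.Certificate`. It would also be worth asserting that the file at `keyPath` is not group- or world-readable, if the command is meant to guarantee that.

```go
	// … unchanged: ParseCert and ParseSigner checks …

	// The key on disk must be the private half of the issued certificate.
	_, err = tls.X509KeyPair(certData, keyData)
	require.NoError(err)

	// The certificate must chain to the CA that createCA wrote into testDir.
	caData, err := ioutil.ReadFile(caPath)
	require.NoError(err)
	roots := x509.NewCertPool()
	require.True(roots.AppendCertsFromPEM(caData))
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots})
	require.NoError(err)
```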
|
|