87 lines
1.9 KiB
Go
87 lines
1.9 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package troubleshoot
|
|
|
|
import (
|
|
"testing"
|
|
"time"
|
|
|
|
envoy_admin_v3 "github.com/envoyproxy/go-control-plane/envoy/admin/v3"
|
|
"github.com/stretchr/testify/require"
|
|
"google.golang.org/protobuf/types/known/timestamppb"
|
|
)
|
|
|
|
func TestValidateCerts(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
anHourAgo := timestamppb.New(time.Now().Add(-1 * time.Hour))
|
|
|
|
cases := map[string]struct {
|
|
certs *envoy_admin_v3.Certificates
|
|
expectedError string
|
|
}{
|
|
"cert is nil": {
|
|
certs: nil,
|
|
expectedError: "Certificate object is nil in the proxy configuration",
|
|
},
|
|
"no certificates": {
|
|
certs: &envoy_admin_v3.Certificates{
|
|
Certificates: []*envoy_admin_v3.Certificate{},
|
|
},
|
|
expectedError: "No certificates found",
|
|
},
|
|
"ca expired": {
|
|
certs: &envoy_admin_v3.Certificates{
|
|
Certificates: []*envoy_admin_v3.Certificate{
|
|
{
|
|
CaCert: []*envoy_admin_v3.CertificateDetails{
|
|
{
|
|
ExpirationTime: anHourAgo,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
expectedError: "CA certificate is expired",
|
|
},
|
|
"cert expired": {
|
|
certs: &envoy_admin_v3.Certificates{
|
|
Certificates: []*envoy_admin_v3.Certificate{
|
|
{
|
|
CertChain: []*envoy_admin_v3.CertificateDetails{
|
|
{
|
|
ExpirationTime: anHourAgo,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
expectedError: "Certificate chain is expired",
|
|
},
|
|
}
|
|
|
|
ts := Troubleshoot{}
|
|
for name, tc := range cases {
|
|
t.Run(name, func(t *testing.T) {
|
|
messages := ts.validateCerts(tc.certs)
|
|
|
|
var outputErrors string
|
|
for _, msgError := range messages.Errors() {
|
|
outputErrors += msgError.Message
|
|
for _, action := range msgError.PossibleActions {
|
|
outputErrors += action
|
|
}
|
|
}
|
|
if tc.expectedError == "" {
|
|
require.True(t, messages.Success())
|
|
} else {
|
|
require.Contains(t, outputErrors, tc.expectedError)
|
|
}
|
|
|
|
})
|
|
}
|
|
|
|
}
|