2023-03-28 19:39:22 +01:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
2023-08-11 09:12:13 -04:00
|
|
|
// SPDX-License-Identifier: BUSL-1.1
|
2023-03-28 19:39:22 +01:00
|
|
|
|
2020-06-10 16:47:35 -04:00
|
|
|
package autoconf
|
|
|
|
|
|
|
|
import (
|
|
|
|
"testing"
|
|
|
|
|
2021-08-09 16:04:23 -04:00
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
|
2020-06-10 16:47:35 -04:00
|
|
|
"github.com/hashicorp/consul/agent/config"
|
2020-08-31 13:12:17 -04:00
|
|
|
"github.com/hashicorp/consul/agent/structs"
|
2023-02-17 16:14:46 -05:00
|
|
|
pbconfig "github.com/hashicorp/consul/proto/private/pbconfig"
|
|
|
|
"github.com/hashicorp/consul/proto/private/pbconnect"
|
2020-06-10 16:47:35 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
func stringPointer(s string) *string {
|
|
|
|
return &s
|
|
|
|
}
|
|
|
|
|
|
|
|
func boolPointer(b bool) *bool {
|
|
|
|
return &b
|
|
|
|
}
|
|
|
|
|
2020-08-31 13:12:17 -04:00
|
|
|
func mustTranslateCARootToProtobuf(t *testing.T, in *structs.CARoot) *pbconnect.CARoot {
|
2022-03-16 12:12:29 -04:00
|
|
|
out, err := pbconnect.NewCARootFromStructs(in)
|
2020-08-31 13:12:17 -04:00
|
|
|
require.NoError(t, err)
|
|
|
|
return out
|
|
|
|
}
|
|
|
|
|
|
|
|
func mustTranslateCARootsToStructs(t *testing.T, in *pbconnect.CARoots) *structs.IndexedCARoots {
|
2022-03-16 12:12:29 -04:00
|
|
|
out, err := pbconnect.CARootsToStructs(in)
|
2020-08-31 13:12:17 -04:00
|
|
|
require.NoError(t, err)
|
|
|
|
return out
|
|
|
|
}
|
|
|
|
|
|
|
|
func mustTranslateCARootsToProtobuf(t *testing.T, in *structs.IndexedCARoots) *pbconnect.CARoots {
|
2022-03-16 12:12:29 -04:00
|
|
|
out, err := pbconnect.NewCARootsFromStructs(in)
|
2020-08-31 13:12:17 -04:00
|
|
|
require.NoError(t, err)
|
|
|
|
return out
|
|
|
|
}
|
|
|
|
|
|
|
|
func mustTranslateIssuedCertToProtobuf(t *testing.T, in *structs.IssuedCert) *pbconnect.IssuedCert {
|
2022-03-22 16:30:00 -04:00
|
|
|
var out, err = pbconnect.NewIssuedCertFromStructs(in)
|
2020-08-31 13:12:17 -04:00
|
|
|
require.NoError(t, err)
|
|
|
|
return out
|
|
|
|
}
|
|
|
|
|
2020-08-10 13:03:33 -04:00
|
|
|
func TestTranslateConfig(t *testing.T) {
|
2020-06-10 16:47:35 -04:00
|
|
|
original := pbconfig.Config{
|
|
|
|
Datacenter: "abc",
|
|
|
|
PrimaryDatacenter: "def",
|
|
|
|
NodeName: "ghi",
|
|
|
|
SegmentName: "jkl",
|
|
|
|
ACL: &pbconfig.ACL{
|
|
|
|
Enabled: true,
|
|
|
|
PolicyTTL: "1s",
|
|
|
|
RoleTTL: "2s",
|
|
|
|
TokenTTL: "3s",
|
|
|
|
DownPolicy: "deny",
|
|
|
|
DefaultPolicy: "deny",
|
|
|
|
EnableKeyListPolicy: true,
|
|
|
|
EnableTokenPersistence: true,
|
|
|
|
MSPDisableBootstrap: false,
|
|
|
|
Tokens: &pbconfig.ACLTokens{
|
2021-12-07 19:59:38 +00:00
|
|
|
InitialManagement: "99e7e490-6baf-43fc-9010-78b6aa9a6813",
|
|
|
|
Replication: "51308d40-465c-4ac6-a636-7c0747edec89",
|
|
|
|
AgentRecovery: "e012e1ea-78a2-41cc-bc8b-231a44196f39",
|
|
|
|
Default: "8781a3f5-de46-4b45-83e1-c92f4cfd0332",
|
|
|
|
Agent: "ddb8f1b0-8a99-4032-b601-87926bce244e",
|
2020-06-10 16:47:35 -04:00
|
|
|
ManagedServiceProvider: []*pbconfig.ACLServiceProviderToken{
|
|
|
|
{
|
|
|
|
AccessorID: "23f37987-7b9e-4e5b-acae-dbc9bc137bae",
|
|
|
|
SecretID: "e28b820a-438e-4e2b-ad24-fe59e6a4914f",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
AutoEncrypt: &pbconfig.AutoEncrypt{
|
|
|
|
TLS: true,
|
|
|
|
DNSSAN: []string{"dns"},
|
|
|
|
IPSAN: []string{"198.18.0.1"},
|
|
|
|
AllowTLS: false,
|
|
|
|
},
|
|
|
|
Gossip: &pbconfig.Gossip{
|
|
|
|
RetryJoinLAN: []string{"10.0.0.1"},
|
|
|
|
Encryption: &pbconfig.GossipEncryption{
|
|
|
|
Key: "blarg",
|
|
|
|
VerifyOutgoing: true,
|
|
|
|
VerifyIncoming: true,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
TLS: &pbconfig.TLS{
|
2022-03-18 10:46:58 +00:00
|
|
|
VerifyOutgoing: true,
|
|
|
|
VerifyServerHostname: true,
|
|
|
|
CipherSuites: "stuff",
|
|
|
|
MinVersion: "tls13",
|
2020-06-10 16:47:35 -04:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2020-08-10 13:03:33 -04:00
|
|
|
expected := config.Config{
|
2022-03-18 10:46:58 +00:00
|
|
|
Datacenter: stringPointer("abc"),
|
|
|
|
PrimaryDatacenter: stringPointer("def"),
|
|
|
|
NodeName: stringPointer("ghi"),
|
|
|
|
SegmentName: stringPointer("jkl"),
|
|
|
|
RetryJoinLAN: []string{"10.0.0.1"},
|
|
|
|
EncryptKey: stringPointer("blarg"),
|
|
|
|
EncryptVerifyIncoming: boolPointer(true),
|
|
|
|
EncryptVerifyOutgoing: boolPointer(true),
|
|
|
|
TLS: config.TLS{
|
|
|
|
Defaults: config.TLSProtocolConfig{
|
|
|
|
VerifyOutgoing: boolPointer(true),
|
|
|
|
TLSCipherSuites: stringPointer("stuff"),
|
2022-03-24 15:32:25 -04:00
|
|
|
TLSMinVersion: stringPointer("TLSv1_3"),
|
2022-03-18 10:46:58 +00:00
|
|
|
},
|
|
|
|
InternalRPC: config.TLSProtocolConfig{
|
|
|
|
VerifyServerHostname: boolPointer(true),
|
|
|
|
},
|
|
|
|
},
|
2020-06-10 16:47:35 -04:00
|
|
|
ACL: config.ACL{
|
|
|
|
Enabled: boolPointer(true),
|
|
|
|
PolicyTTL: stringPointer("1s"),
|
|
|
|
RoleTTL: stringPointer("2s"),
|
|
|
|
TokenTTL: stringPointer("3s"),
|
|
|
|
DownPolicy: stringPointer("deny"),
|
|
|
|
DefaultPolicy: stringPointer("deny"),
|
|
|
|
EnableKeyListPolicy: boolPointer(true),
|
|
|
|
EnableTokenPersistence: boolPointer(true),
|
|
|
|
Tokens: config.Tokens{
|
2021-12-07 19:59:38 +00:00
|
|
|
InitialManagement: stringPointer("99e7e490-6baf-43fc-9010-78b6aa9a6813"),
|
|
|
|
AgentRecovery: stringPointer("e012e1ea-78a2-41cc-bc8b-231a44196f39"),
|
|
|
|
Replication: stringPointer("51308d40-465c-4ac6-a636-7c0747edec89"),
|
|
|
|
Default: stringPointer("8781a3f5-de46-4b45-83e1-c92f4cfd0332"),
|
|
|
|
Agent: stringPointer("ddb8f1b0-8a99-4032-b601-87926bce244e"),
|
2020-06-10 16:47:35 -04:00
|
|
|
ManagedServiceProvider: []config.ServiceProviderToken{
|
|
|
|
{
|
|
|
|
AccessorID: stringPointer("23f37987-7b9e-4e5b-acae-dbc9bc137bae"),
|
|
|
|
SecretID: stringPointer("e28b820a-438e-4e2b-ad24-fe59e6a4914f"),
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
AutoEncrypt: config.AutoEncrypt{
|
|
|
|
TLS: boolPointer(true),
|
|
|
|
DNSSAN: []string{"dns"},
|
|
|
|
IPSAN: []string{"198.18.0.1"},
|
|
|
|
AllowTLS: boolPointer(false),
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2020-06-26 14:53:07 -04:00
|
|
|
translated := translateConfig(&original)
|
2020-08-10 13:03:33 -04:00
|
|
|
require.Equal(t, expected, translated)
|
2020-06-10 16:47:35 -04:00
|
|
|
}
|
2020-08-31 13:12:17 -04:00
|
|
|
|
|
|
|
func TestCArootsTranslation(t *testing.T) {
|
|
|
|
_, indexedRoots, _ := testCerts(t, "autoconf", "dc1")
|
|
|
|
protoRoots := mustTranslateCARootsToProtobuf(t, indexedRoots)
|
|
|
|
require.Equal(t, indexedRoots, mustTranslateCARootsToStructs(t, protoRoots))
|
|
|
|
}
|
2022-03-16 12:12:29 -04:00
|
|
|
|
|
|
|
func caRootRoundtrip(t *testing.T, s *structs.CARoot) *structs.CARoot {
|
|
|
|
pbRoot, err := pbconnect.NewCARootFromStructs(s)
|
|
|
|
require.NoError(t, err)
|
|
|
|
root, err := pbconnect.CARootToStructs(pbRoot)
|
|
|
|
require.NoError(t, err)
|
|
|
|
return root
|
|
|
|
}
|
|
|
|
func caRootsRoundtrip(t *testing.T, s *structs.IndexedCARoots) *structs.IndexedCARoots {
|
|
|
|
pbRoot, err := pbconnect.NewCARootsFromStructs(s)
|
|
|
|
require.NoError(t, err)
|
|
|
|
root, err := pbconnect.CARootsToStructs(pbRoot)
|
|
|
|
require.NoError(t, err)
|
|
|
|
return root
|
|
|
|
}
|
|
|
|
|
|
|
|
func issuedCertRoundtrip(t *testing.T, s *structs.IssuedCert) *structs.IssuedCert {
|
|
|
|
pbCert, err := pbconnect.NewIssuedCertFromStructs(s)
|
|
|
|
require.NoError(t, err)
|
|
|
|
cert, err := pbconnect.IssuedCertToStructs(pbCert)
|
|
|
|
require.NoError(t, err)
|
|
|
|
return cert
|
|
|
|
}
|