consul/agent/rpc/peering/validate_test.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1

package peering

import (
	"errors"
	"testing"

	"github.com/stretchr/testify/require"

	"github.com/hashicorp/consul/agent/structs"
)

func TestValidatePeeringToken(t *testing.T) {
	type testCase struct {
		name    string
		token   *structs.PeeringToken
		wantErr error
	}

	tt := []testCase{
		{
			name:    "empty",
			token:   &structs.PeeringToken{},
			wantErr: errPeeringTokenEmptyServerAddresses,
		},
		{
			name: "empty CA",
			token: &structs.PeeringToken{
				CA: []string{},
			},
			wantErr: errPeeringTokenEmptyServerAddresses,
		},
		{
			name: "invalid CA",
			token: &structs.PeeringToken{
				CA: []string{"notavalidcert"},
			},
			wantErr: errors.New("peering token invalid CA: no PEM-encoded data found"),
		},
		{
			name: "invalid CA cert",
			token: &structs.PeeringToken{
				CA: []string{invalidCA},
			},
			wantErr: errors.New("peering token invalid CA: x509: malformed certificate"),
		},
		{
			name: "invalid address port",
			token: &structs.PeeringToken{
				CA:              []string{validCA},
				ServerAddresses: []string{"1.2.3.4"},
			},
			wantErr: &errPeeringInvalidServerAddress{
				"1.2.3.4",
			},
		},
		{
			name: "invalid address port - manual",
			token: &structs.PeeringToken{
				CA:                    []string{validCA},
				ManualServerAddresses: []string{"1.2.3.4"},
			},
			wantErr: &errPeeringInvalidServerAddress{
				"1.2.3.4",
			},
		},
		{
			name: "invalid server name",
			token: &structs.PeeringToken{
				CA:              []string{validCA},
				ServerAddresses: []string{"1.2.3.4:80"},
			},
			wantErr: errPeeringTokenEmptyServerName,
		},
		{
			name: "invalid peer ID",
			token: &structs.PeeringToken{
				CA:              []string{validCA},
				ServerAddresses: []string{validAddress},
				ServerName:      validServerName,
			},
			wantErr: errPeeringTokenEmptyPeerID,
		},
		{
			name: "valid token",
			token: &structs.PeeringToken{
				CA:              []string{validCA},
				ServerAddresses: []string{validAddress},
				ServerName:      validServerName,
				PeerID:          validPeerID,
			},
		},
		{
			name: "valid token with hostname address",
			token: &structs.PeeringToken{
				CA:              []string{validCA},
				ServerAddresses: []string{validHostnameAddress},
				ServerName:      validServerName,
				PeerID:          validPeerID,
			},
		},
	}

	for _, tc := range tt {
		t.Run(tc.name, func(t *testing.T) {
			err := validatePeeringToken(tc.token)
			if tc.wantErr != nil {
				if err == nil {
					t.Error("expected error but got nil")
					return
				}
				require.Contains(t, err.Error(), tc.wantErr.Error())
				return
			}
			require.NoError(t, err)
		})
	}
}
copyright headers for agent folder (#16704) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files 2023-03-28 18:39:22 +00:00			`// Copyright (c) HashiCorp, Inc.`
[COMPLIANCE] License changes (#18443) * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> 2023-08-11 13:12:13 +00:00			`// SPDX-License-Identifier: BUSL-1.1`
copyright headers for agent folder (#16704) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files 2023-03-28 18:39:22 +00:00
peering: initial sync (#12842) - Add endpoints related to peering: read, list, generate token, initiate peering - Update node/service/check table indexing to account for peers - Foundational changes for pushing service updates to a peer - Plumb peer name through Health.ServiceNodes path see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679, ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663, ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634, ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555 Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: freddygv <freddy@hashicorp.com> Co-authored-by: Chris S. Kim <ckim@hashicorp.com> Co-authored-by: Evan Culver <eculver@hashicorp.com> Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com> 2022-04-21 22:34:40 +00:00			`package peering`

			`import (`
			`"errors"`
			`"testing"`

			`"github.com/stretchr/testify/require"`
Patches to peering initiation for POC demo (#13076) Co-authored-by: R.B. Boyer <rb@hashicorp.com> 2022-05-13 19:01:00 +00:00
			`"github.com/hashicorp/consul/agent/structs"`
peering: initial sync (#12842) - Add endpoints related to peering: read, list, generate token, initiate peering - Update node/service/check table indexing to account for peers - Foundational changes for pushing service updates to a peer - Plumb peer name through Health.ServiceNodes path see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679, ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663, ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634, ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555 Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: freddygv <freddy@hashicorp.com> Co-authored-by: Chris S. Kim <ckim@hashicorp.com> Co-authored-by: Evan Culver <eculver@hashicorp.com> Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com> 2022-04-21 22:34:40 +00:00			`)`

			`func TestValidatePeeringToken(t *testing.T) {`
			`type testCase struct {`
			`name string`
			`token *structs.PeeringToken`
			`wantErr error`
			`}`

			`tt := []testCase{`
			`{`
			`name: "empty",`
			`token: &structs.PeeringToken{},`
Patches to peering initiation for POC demo (#13076) Co-authored-by: R.B. Boyer <rb@hashicorp.com> 2022-05-13 19:01:00 +00:00			`wantErr: errPeeringTokenEmptyServerAddresses,`
peering: initial sync (#12842) - Add endpoints related to peering: read, list, generate token, initiate peering - Update node/service/check table indexing to account for peers - Foundational changes for pushing service updates to a peer - Plumb peer name through Health.ServiceNodes path see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679, ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663, ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634, ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555 Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: freddygv <freddy@hashicorp.com> Co-authored-by: Chris S. Kim <ckim@hashicorp.com> Co-authored-by: Evan Culver <eculver@hashicorp.com> Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com> 2022-04-21 22:34:40 +00:00			`},`
			`{`
			`name: "empty CA",`
			`token: &structs.PeeringToken{`
			`CA: []string{},`
			`},`
Patches to peering initiation for POC demo (#13076) Co-authored-by: R.B. Boyer <rb@hashicorp.com> 2022-05-13 19:01:00 +00:00			`wantErr: errPeeringTokenEmptyServerAddresses,`
peering: initial sync (#12842) - Add endpoints related to peering: read, list, generate token, initiate peering - Update node/service/check table indexing to account for peers - Foundational changes for pushing service updates to a peer - Plumb peer name through Health.ServiceNodes path see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679, ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663, ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634, ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555 Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: freddygv <freddy@hashicorp.com> Co-authored-by: Chris S. Kim <ckim@hashicorp.com> Co-authored-by: Evan Culver <eculver@hashicorp.com> Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com> 2022-04-21 22:34:40 +00:00			`},`
			`{`
			`name: "invalid CA",`
			`token: &structs.PeeringToken{`
			`CA: []string{"notavalidcert"},`
			`},`
			`wantErr: errors.New("peering token invalid CA: no PEM-encoded data found"),`
			`},`
			`{`
			`name: "invalid CA cert",`
			`token: &structs.PeeringToken{`
			`CA: []string{invalidCA},`
			`},`
			`wantErr: errors.New("peering token invalid CA: x509: malformed certificate"),`
			`},`
			`{`
			`name: "invalid address port",`
			`token: &structs.PeeringToken{`
			`CA: []string{validCA},`
			`ServerAddresses: []string{"1.2.3.4"},`
			`},`
			`wantErr: &errPeeringInvalidServerAddress{`
			`"1.2.3.4",`
			`},`
			`},`
Bring back parameter ServerExternalAddresses in GenerateToken endpoint (#15267) Re-add ServerExternalAddresses parameter in GenerateToken endpoint This reverts commit 5e156772f6a7fba5324eb6804ae4e93c091229a6 and adds extra functionality to support newer peering behaviors. 2022-11-08 20:55:18 +00:00			`{`
			`name: "invalid address port - manual",`
			`token: &structs.PeeringToken{`
			`CA: []string{validCA},`
			`ManualServerAddresses: []string{"1.2.3.4"},`
			`},`
			`wantErr: &errPeeringInvalidServerAddress{`
			`"1.2.3.4",`
			`},`
			`},`
peering: initial sync (#12842) - Add endpoints related to peering: read, list, generate token, initiate peering - Update node/service/check table indexing to account for peers - Foundational changes for pushing service updates to a peer - Plumb peer name through Health.ServiceNodes path see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679, ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663, ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634, ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555 Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: freddygv <freddy@hashicorp.com> Co-authored-by: Chris S. Kim <ckim@hashicorp.com> Co-authored-by: Evan Culver <eculver@hashicorp.com> Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com> 2022-04-21 22:34:40 +00:00			`{`
			`name: "invalid server name",`
			`token: &structs.PeeringToken{`
			`CA: []string{validCA},`
			`ServerAddresses: []string{"1.2.3.4:80"},`
			`},`
			`wantErr: errPeeringTokenEmptyServerName,`
			`},`
			`{`
			`name: "invalid peer ID",`
			`token: &structs.PeeringToken{`
			`CA: []string{validCA},`
			`ServerAddresses: []string{validAddress},`
			`ServerName: validServerName,`
			`},`
			`wantErr: errPeeringTokenEmptyPeerID,`
			`},`
			`{`
			`name: "valid token",`
			`token: &structs.PeeringToken{`
			`CA: []string{validCA},`
			`ServerAddresses: []string{validAddress},`
			`ServerName: validServerName,`
			`PeerID: validPeerID,`
			`},`
			`},`
peering: remove validation that forces peering token server addresses to be an IP, allow hostname based addresses (#13874) 2022-07-25 23:33:47 +00:00			`{`
			`name: "valid token with hostname address",`
			`token: &structs.PeeringToken{`
			`CA: []string{validCA},`
			`ServerAddresses: []string{validHostnameAddress},`
			`ServerName: validServerName,`
			`PeerID: validPeerID,`
			`},`
			`},`
peering: initial sync (#12842) - Add endpoints related to peering: read, list, generate token, initiate peering - Update node/service/check table indexing to account for peers - Foundational changes for pushing service updates to a peer - Plumb peer name through Health.ServiceNodes path see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679, ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663, ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634, ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555 Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: freddygv <freddy@hashicorp.com> Co-authored-by: Chris S. Kim <ckim@hashicorp.com> Co-authored-by: Evan Culver <eculver@hashicorp.com> Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com> 2022-04-21 22:34:40 +00:00			`}`

			`for _, tc := range tt {`
			`t.Run(tc.name, func(t *testing.T) {`
			`err := validatePeeringToken(tc.token)`
			`if tc.wantErr != nil {`
			`if err == nil {`
			`t.Error("expected error but got nil")`
			`return`
			`}`
			`require.Contains(t, err.Error(), tc.wantErr.Error())`
			`return`
			`}`
			`require.NoError(t, err)`
			`})`
			`}`
			`}`