mirror of
https://github.com/status-im/consul.git
synced 2025-01-18 09:41:32 +00:00
add cert tests (#16192)
This commit is contained in:
parent
9edb625331
commit
9881aa3f39
@ -1,6 +1,7 @@
|
||||
package troubleshoot
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
@ -15,6 +16,14 @@ func (t *Troubleshoot) validateCerts(certs *envoy_admin_v3.Certificates) error {
|
||||
var resultErr error
|
||||
now := time.Now()
|
||||
|
||||
if certs == nil {
|
||||
return errors.New("certs object is nil")
|
||||
}
|
||||
|
||||
if len(certs.GetCertificates()) == 0 {
|
||||
return errors.New("no certificates provided")
|
||||
}
|
||||
|
||||
for _, cert := range certs.GetCertificates() {
|
||||
for _, cacert := range cert.GetCaCert() {
|
||||
if now.After(cacert.GetExpirationTime().AsTime()) {
|
||||
|
71
troubleshoot/proxy/certs_test.go
Normal file
71
troubleshoot/proxy/certs_test.go
Normal file
@ -0,0 +1,71 @@
|
||||
package troubleshoot
|
||||
|
||||
import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
envoy_admin_v3 "github.com/envoyproxy/go-control-plane/envoy/admin/v3"
|
||||
"github.com/stretchr/testify/require"
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
)
|
||||
|
||||
func TestValidateCerts(t *testing.T) {
|
||||
|
||||
t.Parallel()
|
||||
|
||||
anHourAgo := timestamppb.New(time.Now().Add(-1 * time.Hour))
|
||||
|
||||
x := []struct {
|
||||
certs *envoy_admin_v3.Certificates
|
||||
expectedError string
|
||||
}{
|
||||
{
|
||||
certs: nil,
|
||||
expectedError: "certs object is nil",
|
||||
},
|
||||
{
|
||||
certs: &envoy_admin_v3.Certificates{
|
||||
Certificates: []*envoy_admin_v3.Certificate{},
|
||||
},
|
||||
expectedError: "no certificates provided",
|
||||
},
|
||||
{
|
||||
certs: &envoy_admin_v3.Certificates{
|
||||
Certificates: []*envoy_admin_v3.Certificate{
|
||||
{
|
||||
CaCert: []*envoy_admin_v3.CertificateDetails{
|
||||
{
|
||||
ExpirationTime: anHourAgo,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedError: "Ca cert is expired",
|
||||
},
|
||||
{
|
||||
certs: &envoy_admin_v3.Certificates{
|
||||
Certificates: []*envoy_admin_v3.Certificate{
|
||||
{
|
||||
CertChain: []*envoy_admin_v3.CertificateDetails{
|
||||
{
|
||||
ExpirationTime: anHourAgo,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedError: "cert chain is expired",
|
||||
},
|
||||
}
|
||||
|
||||
ts := Troubleshoot{}
|
||||
for _, tc := range x {
|
||||
err := ts.validateCerts(tc.certs)
|
||||
if tc.expectedError != "" {
|
||||
require.Error(t, err)
|
||||
require.Contains(t, err.Error(), tc.expectedError)
|
||||
}
|
||||
}
|
||||
|
||||
}
|
@ -39,6 +39,11 @@ func NewTroubleshoot(envoyIP *net.IPAddr, envoyPort string) (*Troubleshoot, erro
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if envoyIP == nil {
|
||||
return nil, fmt.Errorf("envoy address is empty")
|
||||
}
|
||||
|
||||
return &Troubleshoot{
|
||||
client: c,
|
||||
envoyAddr: *envoyIP,
|
||||
|
Loading…
x
Reference in New Issue
Block a user