consul/troubleshoot/proxy/certs_test.go

87 lines
1.9 KiB
Go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
package troubleshoot
import (
"testing"
"time"
envoy_admin_v3 "github.com/envoyproxy/go-control-plane/envoy/admin/v3"
"github.com/stretchr/testify/require"
"google.golang.org/protobuf/types/known/timestamppb"
)
func TestValidateCerts(t *testing.T) {
t.Parallel()
anHourAgo := timestamppb.New(time.Now().Add(-1 * time.Hour))
cases := map[string]struct {
certs *envoy_admin_v3.Certificates
expectedError string
}{
"cert is nil": {
certs: nil,
expectedError: "Certificate object is nil in the proxy configuration",
},
"no certificates": {
certs: &envoy_admin_v3.Certificates{
Certificates: []*envoy_admin_v3.Certificate{},
},
expectedError: "No certificates found",
},
"ca expired": {
certs: &envoy_admin_v3.Certificates{
Certificates: []*envoy_admin_v3.Certificate{
{
CaCert: []*envoy_admin_v3.CertificateDetails{
{
ExpirationTime: anHourAgo,
},
},
},
},
},
expectedError: "CA certificate is expired",
},
"cert expired": {
certs: &envoy_admin_v3.Certificates{
Certificates: []*envoy_admin_v3.Certificate{
{
CertChain: []*envoy_admin_v3.CertificateDetails{
{
ExpirationTime: anHourAgo,
},
},
},
},
},
expectedError: "Certificate chain is expired",
},
}
ts := Troubleshoot{}
for name, tc := range cases {
t.Run(name, func(t *testing.T) {
messages := ts.validateCerts(tc.certs)
var outputErrors string
for _, msgError := range messages.Errors() {
outputErrors += msgError.Message
for _, action := range msgError.PossibleActions {
outputErrors += action
}
}
if tc.expectedError == "" {
require.True(t, messages.Success())
} else {
require.Contains(t, outputErrors, tc.expectedError)
}
})
}
}