forked from TrueCloudLab/certificates
Fix api tests.
This commit is contained in:
Mariano Cano
max furman
parent
29853ae016
commit
0ae9bab21e
3 changed files with 95 additions and 21 deletions
|
|
@ -417,17 +417,22 @@ func TestSignRequest_Validate(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
type mockProvisioner struct {
|
type mockProvisioner struct {
|
||||||
ret1, ret2, ret3 interface{}
|
ret1, ret2, ret3 interface{}
|
||||||
err error
|
err error
|
||||||
getID func() string
|
getID func() string
|
||||||
getTokenID func(string) (string, error)
|
getTokenID func(string) (string, error)
|
||||||
getName func() string
|
getName func() string
|
||||||
getType func() provisioner.Type
|
getType func() provisioner.Type
|
||||||
getEncryptedKey func() (string, string, bool)
|
getEncryptedKey func() (string, string, bool)
|
||||||
init func(provisioner.Config) error
|
init func(provisioner.Config) error
|
||||||
authorizeRevoke func(ott string) error
|
authorizeRenew func(ctx context.Context, cert *x509.Certificate) error
|
||||||
authorizeSign func(ctx context.Context, ott string) ([]provisioner.SignOption, error)
|
authorizeRevoke func(ctx context.Context, token string) error
|
||||||
authorizeRenewal func(*x509.Certificate) error
|
authorizeSign func(ctx context.Context, ott string) ([]provisioner.SignOption, error)
|
||||||
|
authorizeRenewal func(*x509.Certificate) error
|
||||||
|
authorizeSSHSign func(ctx context.Context, token string) ([]provisioner.SignOption, error)
|
||||||
|
authorizeSSHRevoke func(ctx context.Context, token string) error
|
||||||
|
authorizeSSHRenew func(ctx context.Context, token string) (*ssh.Certificate, error)
|
||||||
|
authorizeSSHRekey func(ctx context.Context, token string) (*ssh.Certificate, []provisioner.SignOption, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *mockProvisioner) GetID() string {
|
func (m *mockProvisioner) GetID() string {
|
||||||
|
|
@ -475,9 +480,16 @@ func (m *mockProvisioner) Init(c provisioner.Config) error {
|
||||||
return m.err
|
return m.err
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *mockProvisioner) AuthorizeRevoke(ott string) error {
|
func (m *mockProvisioner) AuthorizeRenew(ctx context.Context, cert *x509.Certificate) error {
|
||||||
|
if m.authorizeRenew != nil {
|
||||||
|
return m.authorizeRenew(ctx, cert)
|
||||||
|
}
|
||||||
|
return m.err
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *mockProvisioner) AuthorizeRevoke(ctx context.Context, token string) error {
|
||||||
if m.authorizeRevoke != nil {
|
if m.authorizeRevoke != nil {
|
||||||
return m.authorizeRevoke(ott)
|
return m.authorizeRevoke(ctx, token)
|
||||||
}
|
}
|
||||||
return m.err
|
return m.err
|
||||||
}
|
}
|
||||||
|
|
@ -496,6 +508,31 @@ func (m *mockProvisioner) AuthorizeRenewal(c *x509.Certificate) error {
|
||||||
return m.err
|
return m.err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (m *mockProvisioner) AuthorizeSSHSign(ctx context.Context, token string) ([]provisioner.SignOption, error) {
|
||||||
|
if m.authorizeSSHSign != nil {
|
||||||
|
return m.authorizeSSHSign(ctx, token)
|
||||||
|
}
|
||||||
|
return m.ret1.([]provisioner.SignOption), m.err
|
||||||
|
}
|
||||||
|
func (m *mockProvisioner) AuthorizeSSHRevoke(ctx context.Context, token string) error {
|
||||||
|
if m.authorizeSSHRevoke != nil {
|
||||||
|
return m.authorizeSSHRevoke(ctx, token)
|
||||||
|
}
|
||||||
|
return m.err
|
||||||
|
}
|
||||||
|
func (m *mockProvisioner) AuthorizeSSHRenew(ctx context.Context, token string) (*ssh.Certificate, error) {
|
||||||
|
if m.authorizeSSHRenew != nil {
|
||||||
|
return m.authorizeSSHRenew(ctx, token)
|
||||||
|
}
|
||||||
|
return m.ret1.(*ssh.Certificate), m.err
|
||||||
|
}
|
||||||
|
func (m *mockProvisioner) AuthorizeSSHRekey(ctx context.Context, token string) (*ssh.Certificate, []provisioner.SignOption, error) {
|
||||||
|
if m.authorizeSSHRekey != nil {
|
||||||
|
return m.authorizeSSHRekey(ctx, token)
|
||||||
|
}
|
||||||
|
return m.ret1.(*ssh.Certificate), m.ret2.([]provisioner.SignOption), m.err
|
||||||
|
}
|
||||||
|
|
||||||
type mockAuthority struct {
|
type mockAuthority struct {
|
||||||
ret1, ret2 interface{}
|
ret1, ret2 interface{}
|
||||||
err error
|
err error
|
||||||
|
|
@ -509,10 +546,13 @@ type mockAuthority struct {
|
||||||
loadProvisionerByCertificate func(cert *x509.Certificate) (provisioner.Interface, error)
|
loadProvisionerByCertificate func(cert *x509.Certificate) (provisioner.Interface, error)
|
||||||
loadProvisionerByID func(provID string) (provisioner.Interface, error)
|
loadProvisionerByID func(provID string) (provisioner.Interface, error)
|
||||||
getProvisioners func(nextCursor string, limit int) (provisioner.List, string, error)
|
getProvisioners func(nextCursor string, limit int) (provisioner.List, string, error)
|
||||||
revoke func(*authority.RevokeOptions) error
|
revoke func(context.Context, *authority.RevokeOptions) error
|
||||||
getEncryptedKey func(kid string) (string, error)
|
getEncryptedKey func(kid string) (string, error)
|
||||||
getRoots func() ([]*x509.Certificate, error)
|
getRoots func() ([]*x509.Certificate, error)
|
||||||
getFederation func() ([]*x509.Certificate, error)
|
getFederation func() ([]*x509.Certificate, error)
|
||||||
|
renewSSH func(cert *ssh.Certificate) (*ssh.Certificate, error)
|
||||||
|
rekeySSH func(cert *ssh.Certificate, key ssh.PublicKey, signOpts ...provisioner.SignOption) (*ssh.Certificate, error)
|
||||||
|
getSSHHosts func() ([]string, error)
|
||||||
getSSHRoots func() (*authority.SSHKeys, error)
|
getSSHRoots func() (*authority.SSHKeys, error)
|
||||||
getSSHFederation func() (*authority.SSHKeys, error)
|
getSSHFederation func() (*authority.SSHKeys, error)
|
||||||
getSSHConfig func(typ string, data map[string]string) ([]templates.Output, error)
|
getSSHConfig func(typ string, data map[string]string) ([]templates.Output, error)
|
||||||
|
|
@ -594,9 +634,9 @@ func (m *mockAuthority) LoadProvisionerByID(provID string) (provisioner.Interfac
|
||||||
return m.ret1.(provisioner.Interface), m.err
|
return m.ret1.(provisioner.Interface), m.err
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *mockAuthority) Revoke(opts *authority.RevokeOptions) error {
|
func (m *mockAuthority) Revoke(ctx context.Context, opts *authority.RevokeOptions) error {
|
||||||
if m.revoke != nil {
|
if m.revoke != nil {
|
||||||
return m.revoke(opts)
|
return m.revoke(ctx, opts)
|
||||||
}
|
}
|
||||||
return m.err
|
return m.err
|
||||||
}
|
}
|
||||||
|
|
@ -622,6 +662,27 @@ func (m *mockAuthority) GetFederation() ([]*x509.Certificate, error) {
|
||||||
return m.ret1.([]*x509.Certificate), m.err
|
return m.ret1.([]*x509.Certificate), m.err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (m *mockAuthority) RenewSSH(cert *ssh.Certificate) (*ssh.Certificate, error) {
|
||||||
|
if m.renewSSH != nil {
|
||||||
|
return m.renewSSH(cert)
|
||||||
|
}
|
||||||
|
return m.ret1.(*ssh.Certificate), m.err
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *mockAuthority) RekeySSH(cert *ssh.Certificate, key ssh.PublicKey, signOpts ...provisioner.SignOption) (*ssh.Certificate, error) {
|
||||||
|
if m.rekeySSH != nil {
|
||||||
|
return m.rekeySSH(cert, key, signOpts...)
|
||||||
|
}
|
||||||
|
return m.ret1.(*ssh.Certificate), m.err
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *mockAuthority) GetSSHHosts() ([]string, error) {
|
||||||
|
if m.getSSHHosts != nil {
|
||||||
|
return m.getSSHHosts()
|
||||||
|
}
|
||||||
|
return m.ret1.([]string), m.err
|
||||||
|
}
|
||||||
|
|
||||||
func (m *mockAuthority) GetSSHRoots() (*authority.SSHKeys, error) {
|
func (m *mockAuthority) GetSSHRoots() (*authority.SSHKeys, error) {
|
||||||
if m.getSSHRoots != nil {
|
if m.getSSHRoots != nil {
|
||||||
return m.getSSHRoots()
|
return m.getSSHRoots()
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,7 @@ package api
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
|
"context"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
|
@ -105,7 +106,10 @@ func Test_caHandler_Revoke(t *testing.T) {
|
||||||
input: string(input),
|
input: string(input),
|
||||||
statusCode: http.StatusOK,
|
statusCode: http.StatusOK,
|
||||||
auth: &mockAuthority{
|
auth: &mockAuthority{
|
||||||
revoke: func(opts *authority.RevokeOptions) error {
|
authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
|
||||||
|
return nil, nil
|
||||||
|
},
|
||||||
|
revoke: func(ctx context.Context, opts *authority.RevokeOptions) error {
|
||||||
assert.True(t, opts.PassiveOnly)
|
assert.True(t, opts.PassiveOnly)
|
||||||
assert.False(t, opts.MTLS)
|
assert.False(t, opts.MTLS)
|
||||||
assert.Equals(t, opts.Serial, "sn")
|
assert.Equals(t, opts.Serial, "sn")
|
||||||
|
|
@ -146,7 +150,10 @@ func Test_caHandler_Revoke(t *testing.T) {
|
||||||
statusCode: http.StatusOK,
|
statusCode: http.StatusOK,
|
||||||
tls: cs,
|
tls: cs,
|
||||||
auth: &mockAuthority{
|
auth: &mockAuthority{
|
||||||
revoke: func(ri *authority.RevokeOptions) error {
|
authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
|
||||||
|
return nil, nil
|
||||||
|
},
|
||||||
|
revoke: func(ctx context.Context, ri *authority.RevokeOptions) error {
|
||||||
assert.True(t, ri.PassiveOnly)
|
assert.True(t, ri.PassiveOnly)
|
||||||
assert.True(t, ri.MTLS)
|
assert.True(t, ri.MTLS)
|
||||||
assert.Equals(t, ri.Serial, "1404354960355712309")
|
assert.Equals(t, ri.Serial, "1404354960355712309")
|
||||||
|
|
@ -178,7 +185,10 @@ func Test_caHandler_Revoke(t *testing.T) {
|
||||||
input: string(input),
|
input: string(input),
|
||||||
statusCode: http.StatusInternalServerError,
|
statusCode: http.StatusInternalServerError,
|
||||||
auth: &mockAuthority{
|
auth: &mockAuthority{
|
||||||
revoke: func(opts *authority.RevokeOptions) error {
|
authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
|
||||||
|
return nil, nil
|
||||||
|
},
|
||||||
|
revoke: func(ctx context.Context, opts *authority.RevokeOptions) error {
|
||||||
return InternalServerError(errors.New("force"))
|
return InternalServerError(errors.New("force"))
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -197,7 +207,10 @@ func Test_caHandler_Revoke(t *testing.T) {
|
||||||
input: string(input),
|
input: string(input),
|
||||||
statusCode: http.StatusForbidden,
|
statusCode: http.StatusForbidden,
|
||||||
auth: &mockAuthority{
|
auth: &mockAuthority{
|
||||||
revoke: func(opts *authority.RevokeOptions) error {
|
authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
|
||||||
|
return nil, nil
|
||||||
|
},
|
||||||
|
revoke: func(ctx context.Context, opts *authority.RevokeOptions) error {
|
||||||
return errors.New("force")
|
return errors.New("force")
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -432,7 +432,7 @@ func Test_caHandler_SSHFederation(t *testing.T) {
|
||||||
|
|
||||||
func Test_caHandler_SSHConfig(t *testing.T) {
|
func Test_caHandler_SSHConfig(t *testing.T) {
|
||||||
userOutput := []templates.Output{
|
userOutput := []templates.Output{
|
||||||
{Name: "config.tpl", Type: templates.File, Comment: "#", Path: "ssh/config", Content: []byte("UserKnownHostsFile /home/user/.step/config/ssh/known_hosts")},
|
{Name: "config.tpl", Type: templates.File, Comment: "#", Path: "ssh/config", Content: []byte("UserKnownHostsFile /home/user/.step/ssh/known_hosts")},
|
||||||
{Name: "known_host.tpl", Type: templates.File, Comment: "#", Path: "ssh/known_host", Content: []byte("@cert-authority * ecdsa-sha2-nistp256 AAAA...=")},
|
{Name: "known_host.tpl", Type: templates.File, Comment: "#", Path: "ssh/known_host", Content: []byte("@cert-authority * ecdsa-sha2-nistp256 AAAA...=")},
|
||||||
}
|
}
|
||||||
hostOutput := []templates.Output{
|
hostOutput := []templates.Output{
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue