Add extra tests for CustomSSHTemplateOptions

2020-09-08 15:43:39 -07:00 · 2020-09-08 15:43:39 -07:00 · 276e307a1d
commit 276e307a1d
parent 3fc9124559
1 changed files with 106 additions and 0 deletions
--- a/authority/provisioner/ssh_options_test.go
+++ b/authority/provisioner/ssh_options_test.go
@ -0,0 +1,106 @@
+package provisioner
+
+import (
+	"bytes"
+	"reflect"
+	"testing"
+
+	"go.step.sm/crypto/sshutil"
+)
+
+func TestCustomSSHTemplateOptions(t *testing.T) {
+	cr := sshutil.CertificateRequest{
+		Type:       "user",
+		KeyID:      "foo@smallstep.com",
+		Principals: []string{"foo"},
+	}
+	crCertificate := `{"Key":null,"Type":"user","KeyID":"foo@smallstep.com","Principals":["foo"]}`
+	data := sshutil.CreateTemplateData(sshutil.HostCert, "smallstep.com", []string{"smallstep.com"})
+	type args struct {
+		o               *Options
+		data            sshutil.TemplateData
+		defaultTemplate string
+		userOptions     SignSSHOptions
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    sshutil.Options
+		wantErr bool
+	}{
+		{"ok", args{nil, data, sshutil.DefaultTemplate, SignSSHOptions{}}, sshutil.Options{
+			CertBuffer: bytes.NewBufferString(`{
+	"type": "host",
+	"keyId": "smallstep.com",
+	"principals": ["smallstep.com"],
+	"extensions": null,
+	"criticalOptions": null
+}`),
+		}, false},
+		{"okNoData", args{nil, nil, sshutil.DefaultTemplate, SignSSHOptions{}}, sshutil.Options{
+			CertBuffer: bytes.NewBufferString(`{
+	"type": "<no value>",
+	"keyId": "<no value>",
+	"principals": null,
+	"extensions": null,
+	"criticalOptions": null
+}`),
+		}, false},
+		{"okTemplateData", args{&Options{SSH: &SSHOptions{TemplateData: []byte(`{"foo":"bar"}`)}}, data, sshutil.DefaultTemplate, SignSSHOptions{}}, sshutil.Options{
+			CertBuffer: bytes.NewBufferString(`{
+	"type": "host",
+	"keyId": "smallstep.com",
+	"principals": ["smallstep.com"],
+	"extensions": null,
+	"criticalOptions": null
+}`),
+		}, false},
+		{"okNullTemplateData", args{&Options{SSH: &SSHOptions{TemplateData: []byte(`null`)}}, data, sshutil.DefaultTemplate, SignSSHOptions{}}, sshutil.Options{
+			CertBuffer: bytes.NewBufferString(`{
+	"type": "host",
+	"keyId": "smallstep.com",
+	"principals": ["smallstep.com"],
+	"extensions": null,
+	"criticalOptions": null
+}`),
+		}, false},
+		// Note: `{{ toJson .Insecure.CR }}` is not a valid ssh template
+		{"okTemplate", args{&Options{SSH: &SSHOptions{Template: "{{ toJson .Insecure.CR }}"}}, data, sshutil.DefaultTemplate, SignSSHOptions{}}, sshutil.Options{
+			CertBuffer: bytes.NewBufferString(crCertificate)}, false},
+		{"okFile", args{&Options{SSH: &SSHOptions{TemplateFile: "./testdata/templates/cr.tpl"}}, data, sshutil.DefaultTemplate, SignSSHOptions{}}, sshutil.Options{
+			CertBuffer: bytes.NewBufferString(crCertificate)}, false},
+		{"okBase64", args{&Options{SSH: &SSHOptions{Template: "e3sgdG9Kc29uIC5JbnNlY3VyZS5DUiB9fQ=="}}, data, sshutil.DefaultTemplate, SignSSHOptions{}}, sshutil.Options{
+			CertBuffer: bytes.NewBufferString(crCertificate)}, false},
+		{"okUserOptions", args{&Options{SSH: &SSHOptions{Template: `{"foo": "{{.Insecure.User.foo}}"}`}}, data, sshutil.DefaultTemplate, SignSSHOptions{TemplateData: []byte(`{"foo":"bar"}`)}}, sshutil.Options{
+			CertBuffer: bytes.NewBufferString(`{"foo": "bar"}`),
+		}, false},
+		{"okNulUserOptions", args{&Options{SSH: &SSHOptions{Template: `{"foo": "{{.Insecure.User.foo}}"}`}}, data, sshutil.DefaultTemplate, SignSSHOptions{TemplateData: []byte(`null`)}}, sshutil.Options{
+			CertBuffer: bytes.NewBufferString(`{"foo": "<no value>"}`),
+		}, false},
+		{"okBadUserOptions", args{&Options{SSH: &SSHOptions{Template: `{"foo": "{{.Insecure.User.foo}}"}`}}, data, sshutil.DefaultTemplate, SignSSHOptions{TemplateData: []byte(`{"badJSON"}`)}}, sshutil.Options{
+			CertBuffer: bytes.NewBufferString(`{"foo": "<no value>"}`),
+		}, false},
+		{"fail", args{&Options{SSH: &SSHOptions{TemplateData: []byte(`{"badJSON`)}}, data, sshutil.DefaultTemplate, SignSSHOptions{}}, sshutil.Options{}, true},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			cof, err := CustomSSHTemplateOptions(tt.args.o, tt.args.data, tt.args.defaultTemplate)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("CustomSSHTemplateOptions() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			var opts sshutil.Options
+			if cof != nil {
+				for _, fn := range cof.Options(tt.args.userOptions) {
+					if err := fn(cr, &opts); err != nil {
+						t.Errorf("x509util.Options() error = %v", err)
+						return
+					}
+				}
+			}
+			if !reflect.DeepEqual(opts, tt.want) {
+				t.Errorf("CustomSSHTemplateOptions() = %v, want %v", opts, tt.want)
+			}
+		})
+	}
+}