certificates/kms/apiv1/options_test.go
Anton Lundin 3e6137110b Add support for using ssh-agent as a KMS
This adds a new KMS, SSHAgentKMS, which is a KMS to provide signing keys
for issuing ssh certificates signed by a key managed by a ssh-agent. It
uses the golang.org/x/crypto package to get a native Go implementation
to talk to a ssh-agent.

This was primarly written to be able to use gpg-agent to provide the
keys stored in a YubiKeys openpgp interface, but can be used for other
setups like proxying a ssh-agent over network.

That way the signing key for ssh certificates can be kept in a
"sign-only" hsm.

This code was written for my employer Intinor AB, but for simplicity
sake gifted to me to contribute upstream.

Signed-off-by: Anton Lundin <glance@acc.umu.se>
2020-11-04 09:06:23 +01:00

52 lines
1.2 KiB
Go

package apiv1
import (
"testing"
)
func TestOptions_Validate(t *testing.T) {
tests := []struct {
name string
options *Options
wantErr bool
}{
{"nil", nil, false},
{"softkms", &Options{Type: "softkms"}, false},
{"cloudkms", &Options{Type: "cloudkms"}, false},
{"awskms", &Options{Type: "awskms"}, false},
{"sshagentkms", &Options{Type: "sshagentkms"}, false},
{"pkcs11", &Options{Type: "pkcs11"}, true},
{"unsupported", &Options{Type: "unsupported"}, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if err := tt.options.Validate(); (err != nil) != tt.wantErr {
t.Errorf("Options.Validate() error = %v, wantErr %v", err, tt.wantErr)
}
})
}
}
func TestErrNotImplemented_Error(t *testing.T) {
type fields struct {
msg string
}
tests := []struct {
name string
fields fields
want string
}{
{"default", fields{}, "not implemented"},
{"custom", fields{"custom message: not implemented"}, "custom message: not implemented"},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
e := ErrNotImplemented{
msg: tt.fields.msg,
}
if got := e.Error(); got != tt.want {
t.Errorf("ErrNotImplemented.Error() = %v, want %v", got, tt.want)
}
})
}
}