Fix api tests.

This commit is contained in:
Mariano Cano 2019-11-06 13:33:23 -08:00 committed by max furman
parent 29853ae016
commit 0ae9bab21e
3 changed files with 95 additions and 21 deletions

View file

@ -417,17 +417,22 @@ func TestSignRequest_Validate(t *testing.T) {
} }
type mockProvisioner struct { type mockProvisioner struct {
ret1, ret2, ret3 interface{} ret1, ret2, ret3 interface{}
err error err error
getID func() string getID func() string
getTokenID func(string) (string, error) getTokenID func(string) (string, error)
getName func() string getName func() string
getType func() provisioner.Type getType func() provisioner.Type
getEncryptedKey func() (string, string, bool) getEncryptedKey func() (string, string, bool)
init func(provisioner.Config) error init func(provisioner.Config) error
authorizeRevoke func(ott string) error authorizeRenew func(ctx context.Context, cert *x509.Certificate) error
authorizeSign func(ctx context.Context, ott string) ([]provisioner.SignOption, error) authorizeRevoke func(ctx context.Context, token string) error
authorizeRenewal func(*x509.Certificate) error authorizeSign func(ctx context.Context, ott string) ([]provisioner.SignOption, error)
authorizeRenewal func(*x509.Certificate) error
authorizeSSHSign func(ctx context.Context, token string) ([]provisioner.SignOption, error)
authorizeSSHRevoke func(ctx context.Context, token string) error
authorizeSSHRenew func(ctx context.Context, token string) (*ssh.Certificate, error)
authorizeSSHRekey func(ctx context.Context, token string) (*ssh.Certificate, []provisioner.SignOption, error)
} }
func (m *mockProvisioner) GetID() string { func (m *mockProvisioner) GetID() string {
@ -475,9 +480,16 @@ func (m *mockProvisioner) Init(c provisioner.Config) error {
return m.err return m.err
} }
func (m *mockProvisioner) AuthorizeRevoke(ott string) error { func (m *mockProvisioner) AuthorizeRenew(ctx context.Context, cert *x509.Certificate) error {
if m.authorizeRenew != nil {
return m.authorizeRenew(ctx, cert)
}
return m.err
}
func (m *mockProvisioner) AuthorizeRevoke(ctx context.Context, token string) error {
if m.authorizeRevoke != nil { if m.authorizeRevoke != nil {
return m.authorizeRevoke(ott) return m.authorizeRevoke(ctx, token)
} }
return m.err return m.err
} }
@ -496,6 +508,31 @@ func (m *mockProvisioner) AuthorizeRenewal(c *x509.Certificate) error {
return m.err return m.err
} }
func (m *mockProvisioner) AuthorizeSSHSign(ctx context.Context, token string) ([]provisioner.SignOption, error) {
if m.authorizeSSHSign != nil {
return m.authorizeSSHSign(ctx, token)
}
return m.ret1.([]provisioner.SignOption), m.err
}
func (m *mockProvisioner) AuthorizeSSHRevoke(ctx context.Context, token string) error {
if m.authorizeSSHRevoke != nil {
return m.authorizeSSHRevoke(ctx, token)
}
return m.err
}
func (m *mockProvisioner) AuthorizeSSHRenew(ctx context.Context, token string) (*ssh.Certificate, error) {
if m.authorizeSSHRenew != nil {
return m.authorizeSSHRenew(ctx, token)
}
return m.ret1.(*ssh.Certificate), m.err
}
func (m *mockProvisioner) AuthorizeSSHRekey(ctx context.Context, token string) (*ssh.Certificate, []provisioner.SignOption, error) {
if m.authorizeSSHRekey != nil {
return m.authorizeSSHRekey(ctx, token)
}
return m.ret1.(*ssh.Certificate), m.ret2.([]provisioner.SignOption), m.err
}
type mockAuthority struct { type mockAuthority struct {
ret1, ret2 interface{} ret1, ret2 interface{}
err error err error
@ -509,10 +546,13 @@ type mockAuthority struct {
loadProvisionerByCertificate func(cert *x509.Certificate) (provisioner.Interface, error) loadProvisionerByCertificate func(cert *x509.Certificate) (provisioner.Interface, error)
loadProvisionerByID func(provID string) (provisioner.Interface, error) loadProvisionerByID func(provID string) (provisioner.Interface, error)
getProvisioners func(nextCursor string, limit int) (provisioner.List, string, error) getProvisioners func(nextCursor string, limit int) (provisioner.List, string, error)
revoke func(*authority.RevokeOptions) error revoke func(context.Context, *authority.RevokeOptions) error
getEncryptedKey func(kid string) (string, error) getEncryptedKey func(kid string) (string, error)
getRoots func() ([]*x509.Certificate, error) getRoots func() ([]*x509.Certificate, error)
getFederation func() ([]*x509.Certificate, error) getFederation func() ([]*x509.Certificate, error)
renewSSH func(cert *ssh.Certificate) (*ssh.Certificate, error)
rekeySSH func(cert *ssh.Certificate, key ssh.PublicKey, signOpts ...provisioner.SignOption) (*ssh.Certificate, error)
getSSHHosts func() ([]string, error)
getSSHRoots func() (*authority.SSHKeys, error) getSSHRoots func() (*authority.SSHKeys, error)
getSSHFederation func() (*authority.SSHKeys, error) getSSHFederation func() (*authority.SSHKeys, error)
getSSHConfig func(typ string, data map[string]string) ([]templates.Output, error) getSSHConfig func(typ string, data map[string]string) ([]templates.Output, error)
@ -594,9 +634,9 @@ func (m *mockAuthority) LoadProvisionerByID(provID string) (provisioner.Interfac
return m.ret1.(provisioner.Interface), m.err return m.ret1.(provisioner.Interface), m.err
} }
func (m *mockAuthority) Revoke(opts *authority.RevokeOptions) error { func (m *mockAuthority) Revoke(ctx context.Context, opts *authority.RevokeOptions) error {
if m.revoke != nil { if m.revoke != nil {
return m.revoke(opts) return m.revoke(ctx, opts)
} }
return m.err return m.err
} }
@ -622,6 +662,27 @@ func (m *mockAuthority) GetFederation() ([]*x509.Certificate, error) {
return m.ret1.([]*x509.Certificate), m.err return m.ret1.([]*x509.Certificate), m.err
} }
func (m *mockAuthority) RenewSSH(cert *ssh.Certificate) (*ssh.Certificate, error) {
if m.renewSSH != nil {
return m.renewSSH(cert)
}
return m.ret1.(*ssh.Certificate), m.err
}
func (m *mockAuthority) RekeySSH(cert *ssh.Certificate, key ssh.PublicKey, signOpts ...provisioner.SignOption) (*ssh.Certificate, error) {
if m.rekeySSH != nil {
return m.rekeySSH(cert, key, signOpts...)
}
return m.ret1.(*ssh.Certificate), m.err
}
func (m *mockAuthority) GetSSHHosts() ([]string, error) {
if m.getSSHHosts != nil {
return m.getSSHHosts()
}
return m.ret1.([]string), m.err
}
func (m *mockAuthority) GetSSHRoots() (*authority.SSHKeys, error) { func (m *mockAuthority) GetSSHRoots() (*authority.SSHKeys, error) {
if m.getSSHRoots != nil { if m.getSSHRoots != nil {
return m.getSSHRoots() return m.getSSHRoots()

View file

@ -2,6 +2,7 @@ package api
import ( import (
"bytes" "bytes"
"context"
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"encoding/json" "encoding/json"
@ -105,7 +106,10 @@ func Test_caHandler_Revoke(t *testing.T) {
input: string(input), input: string(input),
statusCode: http.StatusOK, statusCode: http.StatusOK,
auth: &mockAuthority{ auth: &mockAuthority{
revoke: func(opts *authority.RevokeOptions) error { authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
return nil, nil
},
revoke: func(ctx context.Context, opts *authority.RevokeOptions) error {
assert.True(t, opts.PassiveOnly) assert.True(t, opts.PassiveOnly)
assert.False(t, opts.MTLS) assert.False(t, opts.MTLS)
assert.Equals(t, opts.Serial, "sn") assert.Equals(t, opts.Serial, "sn")
@ -146,7 +150,10 @@ func Test_caHandler_Revoke(t *testing.T) {
statusCode: http.StatusOK, statusCode: http.StatusOK,
tls: cs, tls: cs,
auth: &mockAuthority{ auth: &mockAuthority{
revoke: func(ri *authority.RevokeOptions) error { authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
return nil, nil
},
revoke: func(ctx context.Context, ri *authority.RevokeOptions) error {
assert.True(t, ri.PassiveOnly) assert.True(t, ri.PassiveOnly)
assert.True(t, ri.MTLS) assert.True(t, ri.MTLS)
assert.Equals(t, ri.Serial, "1404354960355712309") assert.Equals(t, ri.Serial, "1404354960355712309")
@ -178,7 +185,10 @@ func Test_caHandler_Revoke(t *testing.T) {
input: string(input), input: string(input),
statusCode: http.StatusInternalServerError, statusCode: http.StatusInternalServerError,
auth: &mockAuthority{ auth: &mockAuthority{
revoke: func(opts *authority.RevokeOptions) error { authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
return nil, nil
},
revoke: func(ctx context.Context, opts *authority.RevokeOptions) error {
return InternalServerError(errors.New("force")) return InternalServerError(errors.New("force"))
}, },
}, },
@ -197,7 +207,10 @@ func Test_caHandler_Revoke(t *testing.T) {
input: string(input), input: string(input),
statusCode: http.StatusForbidden, statusCode: http.StatusForbidden,
auth: &mockAuthority{ auth: &mockAuthority{
revoke: func(opts *authority.RevokeOptions) error { authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
return nil, nil
},
revoke: func(ctx context.Context, opts *authority.RevokeOptions) error {
return errors.New("force") return errors.New("force")
}, },
}, },

View file

@ -432,7 +432,7 @@ func Test_caHandler_SSHFederation(t *testing.T) {
func Test_caHandler_SSHConfig(t *testing.T) { func Test_caHandler_SSHConfig(t *testing.T) {
userOutput := []templates.Output{ userOutput := []templates.Output{
{Name: "config.tpl", Type: templates.File, Comment: "#", Path: "ssh/config", Content: []byte("UserKnownHostsFile /home/user/.step/config/ssh/known_hosts")}, {Name: "config.tpl", Type: templates.File, Comment: "#", Path: "ssh/config", Content: []byte("UserKnownHostsFile /home/user/.step/ssh/known_hosts")},
{Name: "known_host.tpl", Type: templates.File, Comment: "#", Path: "ssh/known_host", Content: []byte("@cert-authority * ecdsa-sha2-nistp256 AAAA...=")}, {Name: "known_host.tpl", Type: templates.File, Comment: "#", Path: "ssh/known_host", Content: []byte("@cert-authority * ecdsa-sha2-nistp256 AAAA...=")},
} }
hostOutput := []templates.Output{ hostOutput := []templates.Output{