mirror of https://github.com/spiffe/go-spiffe.git
114 lines
3.1 KiB
Go
114 lines
3.1 KiB
Go
package federation_test
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/spiffe/go-spiffe/v2/bundle/spiffebundle"
|
|
"github.com/spiffe/go-spiffe/v2/federation"
|
|
"github.com/spiffe/go-spiffe/v2/internal/test"
|
|
"github.com/spiffe/go-spiffe/v2/internal/test/fakebundleendpoint"
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func TestWatchBundle_OnUpdate(t *testing.T) {
|
|
var watcher *fakewatcher
|
|
ca1 := test.NewCA(t, td)
|
|
bundle1 := ca1.Bundle()
|
|
bundle1.SetRefreshHint(time.Second)
|
|
ca2 := test.NewCA(t, td)
|
|
bundle2 := ca2.Bundle()
|
|
bundle2.SetRefreshHint(2 * time.Second)
|
|
bundles := []*spiffebundle.Bundle{bundle1, bundle2}
|
|
|
|
be := fakebundleendpoint.New(t, fakebundleendpoint.WithTestBundles(bundle1, bundle2))
|
|
defer be.Shutdown()
|
|
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
watcher = &fakewatcher{
|
|
t: t,
|
|
nextRefresh: time.Second,
|
|
expectedBundles: bundles,
|
|
cancel: func() {
|
|
if watcher.onUpdateCalls > 1 {
|
|
cancel()
|
|
}
|
|
},
|
|
latestBundle: &spiffebundle.Bundle{},
|
|
}
|
|
|
|
err := federation.WatchBundle(ctx, td, be.FetchBundleURL(), watcher, federation.WithWebPKIRoots(be.RootCAs()))
|
|
assert.Equal(t, 2, watcher.onUpdateCalls)
|
|
assert.Equal(t, 0, watcher.onErrorCalls)
|
|
assert.Equal(t, context.Canceled, err)
|
|
}
|
|
|
|
func TestWatchBundle_OnError(t *testing.T) {
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
watcher := &fakewatcher{
|
|
t: t,
|
|
nextRefresh: time.Second,
|
|
expectedErr: `federation: could not GET bundle: Get "?wrong%20url"?: unsupported protocol scheme ""`,
|
|
cancel: cancel,
|
|
latestBundle: &spiffebundle.Bundle{},
|
|
}
|
|
|
|
err := federation.WatchBundle(ctx, td, "wrong url", watcher)
|
|
assert.Equal(t, 0, watcher.onUpdateCalls)
|
|
assert.Equal(t, 1, watcher.onErrorCalls)
|
|
assert.Equal(t, context.Canceled, err)
|
|
}
|
|
|
|
func TestWatchBundle_NilWatcher(t *testing.T) {
|
|
err := federation.WatchBundle(context.Background(), td, "some url", nil)
|
|
assert.EqualError(t, err, "federation: watcher cannot be nil")
|
|
}
|
|
|
|
func TestWatchBundle_FetchBundleCanceled(t *testing.T) {
|
|
be := fakebundleendpoint.New(t)
|
|
defer be.Shutdown()
|
|
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
watcher := &fakewatcher{
|
|
t: t,
|
|
nextRefresh: time.Second,
|
|
}
|
|
cancel()
|
|
err := federation.WatchBundle(ctx, td, be.FetchBundleURL(), watcher, federation.WithWebPKIRoots(be.RootCAs()))
|
|
assert.Equal(t, context.Canceled, err)
|
|
}
|
|
|
|
type fakewatcher struct {
|
|
t *testing.T
|
|
nextRefresh time.Duration
|
|
expectedBundles []*spiffebundle.Bundle
|
|
expectedErr string
|
|
cancel context.CancelFunc
|
|
onUpdateCalls int
|
|
onErrorCalls int
|
|
latestBundle *spiffebundle.Bundle
|
|
}
|
|
|
|
func (w *fakewatcher) NextRefresh(refreshHint time.Duration) time.Duration {
|
|
if rh, ok := w.latestBundle.RefreshHint(); ok {
|
|
assert.Equal(w.t, rh, refreshHint)
|
|
} else {
|
|
assert.Equal(w.t, time.Duration(0), refreshHint)
|
|
}
|
|
return w.nextRefresh
|
|
}
|
|
|
|
func (w *fakewatcher) OnUpdate(bundle *spiffebundle.Bundle) {
|
|
w.latestBundle = bundle
|
|
assert.Equal(w.t, w.expectedBundles[w.onUpdateCalls], bundle)
|
|
w.onUpdateCalls++
|
|
w.cancel()
|
|
}
|
|
|
|
func (w *fakewatcher) OnError(err error) {
|
|
assert.Regexp(w.t, w.expectedErr, err.Error())
|
|
w.onErrorCalls++
|
|
w.cancel()
|
|
}
|