helm/internal/tlsutil/tlsutil_test.go

/*
Copyright The Helm Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package tlsutil

import (
	"path/filepath"
	"testing"
)

const tlsTestDir = "../../testdata"

const (
	testCaCertFile = "rootca.crt"
	testCertFile   = "crt.pem"
	testKeyFile    = "key.pem"
)

func TestClientConfig(t *testing.T) {
	opts := Options{
		CaCertFile:         testfile(t, testCaCertFile),
		CertFile:           testfile(t, testCertFile),
		KeyFile:            testfile(t, testKeyFile),
		InsecureSkipVerify: false,
	}

	cfg, err := ClientConfig(opts)
	if err != nil {
		t.Fatalf("error building tls client config: %v", err)
	}

	if got := len(cfg.Certificates); got != 1 {
		t.Fatalf("expecting 1 client certificates, got %d", got)
	}
	if cfg.InsecureSkipVerify {
		t.Fatalf("insecure skip verify mismatch, expecting false")
	}
	if cfg.RootCAs == nil {
		t.Fatalf("mismatch tls RootCAs, expecting non-nil")
	}
}

func testfile(t *testing.T, file string) (path string) {
	var err error
	if path, err = filepath.Abs(filepath.Join(tlsTestDir, file)); err != nil {
		t.Fatalf("error getting absolute path to test file %q: %v", file, err)
	}
	return path
}

func TestNewClientTLS(t *testing.T) {
	certFile := testfile(t, testCertFile)
	keyFile := testfile(t, testKeyFile)
	caCertFile := testfile(t, testCaCertFile)
	insecureSkipTLSverify := false

	cfg, err := NewClientTLS(certFile, keyFile, caCertFile, insecureSkipTLSverify)
	if err != nil {
		t.Error(err)
	}

	if got := len(cfg.Certificates); got != 1 {
		t.Fatalf("expecting 1 client certificates, got %d", got)
	}
	if cfg.InsecureSkipVerify {
		t.Fatalf("insecure skip verify mismatch, expecting false")
	}
	if cfg.RootCAs == nil {
		t.Fatalf("mismatch tls RootCAs, expecting non-nil")
	}

	cfg, err = NewClientTLS("", "", caCertFile, insecureSkipTLSverify)
	if err != nil {
		t.Error(err)
	}

	if got := len(cfg.Certificates); got != 0 {
		t.Fatalf("expecting 0 client certificates, got %d", got)
	}
	if cfg.InsecureSkipVerify {
		t.Fatalf("insecure skip verify mismatch, expecting false")
	}
	if cfg.RootCAs == nil {
		t.Fatalf("mismatch tls RootCAs, expecting non-nil")
	}

	cfg, err = NewClientTLS(certFile, keyFile, "", insecureSkipTLSverify)
	if err != nil {
		t.Error(err)
	}

	if got := len(cfg.Certificates); got != 1 {
		t.Fatalf("expecting 1 client certificates, got %d", got)
	}
	if cfg.InsecureSkipVerify {
		t.Fatalf("insecure skip verify mismatch, expecting false")
	}
	if cfg.RootCAs != nil {
		t.Fatalf("mismatch tls RootCAs, expecting nil")
	}
}
test(*): add tests for new tls support Adds a testdata directory to hold tls certs at the root of the project. The tests cover pkg/tlsutil, cmd/helm, and cmd/helm/installer. Closes #2289 8 years ago			`/*`
change copyright to "Copyright The Helm Authors" 6 years ago			`Copyright The Helm Authors.`
test(*): add tests for new tls support Adds a testdata directory to hold tls certs at the root of the project. The tests cover pkg/tlsutil, cmd/helm, and cmd/helm/installer. Closes #2289 8 years ago
			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

			`package tlsutil`

			`import (`
			`"path/filepath"`
			`"testing"`
			`)`

			`const tlsTestDir = "../../testdata"`

			`const (`
fix(getter): set up TLS options during .Get() Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com> 5 years ago			`testCaCertFile = "rootca.crt"`
test(*): add tests for new tls support Adds a testdata directory to hold tls certs at the root of the project. The tests cover pkg/tlsutil, cmd/helm, and cmd/helm/installer. Closes #2289 8 years ago			`testCertFile = "crt.pem"`
			`testKeyFile = "key.pem"`
			`)`

			`func TestClientConfig(t *testing.T) {`
			`opts := Options{`
			`CaCertFile: testfile(t, testCaCertFile),`
			`CertFile: testfile(t, testCertFile),`
			`KeyFile: testfile(t, testKeyFile),`
			`InsecureSkipVerify: false,`
			`}`

			`cfg, err := ClientConfig(opts)`
			`if err != nil {`
			`t.Fatalf("error building tls client config: %v", err)`
			`}`

			`if got := len(cfg.Certificates); got != 1 {`
			`t.Fatalf("expecting 1 client certificates, got %d", got)`
			`}`
			`if cfg.InsecureSkipVerify {`
chore: Spelling (#9410) * spelling: annotate Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: asserts Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: behavior Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: binary Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: contain Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: copied Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: dependency Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: depending Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: deprecated Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: doesn't Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: donot Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: github Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: inputting Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: iteration Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: jabberwocky Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: kubernetes Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: length Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: mismatch Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: multiple Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: nonexistent Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: outputs Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: panicking Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: plugins Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: parsing Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: porthos Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: regular Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: resource Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: repositories Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: something Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: strict Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: string Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: unknown Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> 4 years ago			`t.Fatalf("insecure skip verify mismatch, expecting false")`
test(*): add tests for new tls support Adds a testdata directory to hold tls certs at the root of the project. The tests cover pkg/tlsutil, cmd/helm, and cmd/helm/installer. Closes #2289 8 years ago			`}`
			`if cfg.RootCAs == nil {`
			`t.Fatalf("mismatch tls RootCAs, expecting non-nil")`
			`}`
			`}`

			`func testfile(t *testing.T, file string) (path string) {`
			`var err error`
			`if path, err = filepath.Abs(filepath.Join(tlsTestDir, file)); err != nil {`
			`t.Fatalf("error getting absolute path to test file %q: %v", file, err)`
			`}`
			`return path`
			`}`
fix(tlsutil): accept only a CA certificate for validation Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com> 5 years ago
			`func TestNewClientTLS(t *testing.T) {`
			`certFile := testfile(t, testCertFile)`
			`keyFile := testfile(t, testKeyFile)`
			`caCertFile := testfile(t, testCaCertFile)`
Added support for insecure OCI registries Signed-off-by: Andrew Block <andy.block@gmail.com> 2 years ago			`insecureSkipTLSverify := false`
fix(tlsutil): accept only a CA certificate for validation Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com> 5 years ago
Added support for insecure OCI registries Signed-off-by: Andrew Block <andy.block@gmail.com> 2 years ago			`cfg, err := NewClientTLS(certFile, keyFile, caCertFile, insecureSkipTLSverify)`
fix(tlsutil): accept only a CA certificate for validation Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com> 5 years ago			`if err != nil {`
			`t.Error(err)`
			`}`

			`if got := len(cfg.Certificates); got != 1 {`
			`t.Fatalf("expecting 1 client certificates, got %d", got)`
			`}`
			`if cfg.InsecureSkipVerify {`
chore: Spelling (#9410) * spelling: annotate Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: asserts Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: behavior Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: binary Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: contain Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: copied Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: dependency Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: depending Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: deprecated Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: doesn't Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: donot Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: github Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: inputting Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: iteration Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: jabberwocky Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: kubernetes Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: length Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: mismatch Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: multiple Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: nonexistent Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: outputs Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: panicking Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: plugins Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: parsing Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: porthos Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: regular Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: resource Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: repositories Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: something Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: strict Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: string Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: unknown Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> 4 years ago			`t.Fatalf("insecure skip verify mismatch, expecting false")`
fix(tlsutil): accept only a CA certificate for validation Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com> 5 years ago			`}`
			`if cfg.RootCAs == nil {`
			`t.Fatalf("mismatch tls RootCAs, expecting non-nil")`
			`}`

Added support for insecure OCI registries Signed-off-by: Andrew Block <andy.block@gmail.com> 2 years ago			`cfg, err = NewClientTLS("", "", caCertFile, insecureSkipTLSverify)`
fix(tlsutil): accept only a CA certificate for validation Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com> 5 years ago			`if err != nil {`
			`t.Error(err)`
			`}`

			`if got := len(cfg.Certificates); got != 0 {`
			`t.Fatalf("expecting 0 client certificates, got %d", got)`
			`}`
			`if cfg.InsecureSkipVerify {`
chore: Spelling (#9410) * spelling: annotate Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: asserts Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: behavior Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: binary Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: contain Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: copied Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: dependency Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: depending Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: deprecated Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: doesn't Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: donot Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: github Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: inputting Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: iteration Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: jabberwocky Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: kubernetes Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: length Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: mismatch Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: multiple Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: nonexistent Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: outputs Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: panicking Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: plugins Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: parsing Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: porthos Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: regular Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: resource Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: repositories Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: something Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: strict Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: string Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: unknown Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> 4 years ago			`t.Fatalf("insecure skip verify mismatch, expecting false")`
fix(tlsutil): accept only a CA certificate for validation Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com> 5 years ago			`}`
			`if cfg.RootCAs == nil {`
			`t.Fatalf("mismatch tls RootCAs, expecting non-nil")`
			`}`

Added support for insecure OCI registries Signed-off-by: Andrew Block <andy.block@gmail.com> 2 years ago			`cfg, err = NewClientTLS(certFile, keyFile, "", insecureSkipTLSverify)`
fix(tlsutil): accept only a CA certificate for validation Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com> 5 years ago			`if err != nil {`
			`t.Error(err)`
			`}`

			`if got := len(cfg.Certificates); got != 1 {`
			`t.Fatalf("expecting 1 client certificates, got %d", got)`
			`}`
			`if cfg.InsecureSkipVerify {`
chore: Spelling (#9410) * spelling: annotate Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: asserts Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: behavior Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: binary Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: contain Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: copied Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: dependency Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: depending Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: deprecated Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: doesn't Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: donot Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: github Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: inputting Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: iteration Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: jabberwocky Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: kubernetes Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: length Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: mismatch Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: multiple Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: nonexistent Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: outputs Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: panicking Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: plugins Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: parsing Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: porthos Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: regular Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: resource Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: repositories Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: something Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: strict Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: string Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: unknown Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> 4 years ago			`t.Fatalf("insecure skip verify mismatch, expecting false")`
fix(tlsutil): accept only a CA certificate for validation Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com> 5 years ago			`}`
			`if cfg.RootCAs != nil {`
			`t.Fatalf("mismatch tls RootCAs, expecting nil")`
			`}`
			`}`