From 0f9250a491662f0c2e3475f7d16093616e2187c0 Mon Sep 17 00:00:00 2001
From: Oliver O'Mahony
Date: Wed, 13 Nov 2024 18:48:20 +0000
Subject: [PATCH] refactored tests
---
internal/datasource/cert/cert_test.go | 101 ++++--------------
.../instance/nginx_config_parser_test.go | 14 ++-
pkg/files/file_helpers_test.go | 21 ++--
test/helpers/os_utils.go | 39 -------
4 files changed, 40 insertions(+), 135 deletions(-)
diff --git a/internal/datasource/cert/cert_test.go b/internal/datasource/cert/cert_test.go
index fdb8ae67f8..ddc5aa590a 100644
--- a/internal/datasource/cert/cert_test.go
+++ b/internal/datasource/cert/cert_test.go
@@ -5,63 +5,32 @@ package cert import ( - "crypto/rand" - "crypto/rsa" - "crypto/x509" - "crypto/x509/pkix" - "encoding/pem" - "math/big" - "os" "testing" - "time" + "github.com/nginx/agent/v3/test/helpers" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) +const ( + keyFileName = "key.pem" + certFileName = "cert.pem" + caFileName = "ca.pem" + nonPemCertFileName = "cert.nonpem" + certificateType = "CERTIFICATE" + privateKeyType = "RSA PRIVATE KEY" +) + func TestLoadCertificates(t *testing.T) { tmpDir := t.TempDir() - key, err := rsa.GenerateKey(rand.Reader, 2048) - if err != nil { - t.Fatalf("Failed generate key, %v", err) - } - tml := x509.Certificate{ - NotBefore: time.Now(), - NotAfter: time.Now().AddDate(5, 0, 0), - SerialNumber: big.NewInt(123123), - Subject: pkix.Name{ - CommonName: "New Name", - Organization: []string{"New Org."}, - }, - BasicConstraintsValid: true, - } - cert, err := x509.CreateCertificate(rand.Reader, &tml, &tml, &key.PublicKey, key) - if err != nil { - t.Fatalf("Failed create cert, %v", err) - } - - certPem := pem.EncodeToMemory(&pem.Block{ - Type: "CERTIFICATE", - Bytes: cert, - }) + key, cert := helpers.GenerateSelfSignedCert(t) - keyPem := pem.EncodeToMemory(&pem.Block{ - Type: "RSA PRIVATE KEY", - Bytes: x509.MarshalPKCS1PrivateKey(key), - }) + keyContents := helpers.Cert{Name: keyFileName, Type: privateKeyType, Contents: key} + certContents := helpers.Cert{Name: certFileName, Type: certificateType, Contents: cert} - certFile := tmpDir + "/cert.pem" - err = os.WriteFile(certFile, certPem, 0o600) - if err != nil { - t.Fatalf("Failed create cert file, %v", err) - } - - keyFile := tmpDir + "/key.pem" - err = os.WriteFile(keyFile, keyPem, 0o600) - if err != nil { - t.Fatalf("Failed create key file, %v", err) - } + keyFile := helpers.WriteCertFiles(t, tmpDir, keyContents) + certFile := helpers.WriteCertFiles(t, tmpDir, certContents) testCases := []struct { testName string 
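Review bot: The PEM label `privateKeyType = "RSA PRIVATE KEY"` is now chosen in this test while the key bytes come from `helpers.GenerateSelfSignedCert`, so the label and the key encoding can drift apart; the removed code paired that label with `x509.MarshalPKCS1PrivateKey` in the same place. The helper is not part of this diff, so confirm it returns PKCS#1 DER and document the coupling on the constant, for example `// privateKeyType must match the key encoding returned by helpers.GenerateSelfSignedCert (PKCS#1).` The explicit `0o600` mode on the key file also leaves the test; presumably `helpers.WriteCertFiles` still applies it, which is worth checking since it writes private key material. TestLoadCertificates continues past the end of the hunk.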
@@ -107,44 +76,14 @@ func TestLoadCertificates(t *testing.T) { func TestLoadCertificate(t *testing.T) { tmpDir := t.TempDir() - key, err := rsa.GenerateKey(rand.Reader, 2048) - if err != nil { - t.Fatalf("Failed generate key, %v", err) - } - - tml := x509.Certificate{ - NotBefore: time.Now(), - NotAfter: time.Now().AddDate(5, 0, 0), - SerialNumber: big.NewInt(123123), - Subject: pkix.Name{ - CommonName: "New Name", - Organization: []string{"New Org."}, - }, - BasicConstraintsValid: true, - } - cert, err := x509.CreateCertificate(rand.Reader, &tml, &tml, &key.PublicKey, key) - if err != nil { - t.Fatalf("Failed create cert, %v", err) - } - certPem := pem.EncodeToMemory(&pem.Block{ - Type: "CERTIFICATE", - Bytes: cert, - }) + _, cert := helpers.GenerateSelfSignedCert(t) - // write valid PEM certificate to file - certFile := tmpDir + "/cert.pem" - err = os.WriteFile(certFile, certPem, 0o600) - if err != nil { - t.Fatalf("Failed create cert file, %v", err) - } + certContents := helpers.Cert{Name: certFileName, Type: certificateType, Contents: cert} + certNonPemContents := helpers.Cert{Name: nonPemCertFileName, Type: "", Contents: cert} - // write non-PEM data to file - nonPEMFile := tmpDir + "/cert.nonpem" - err = os.WriteFile(nonPEMFile, cert, 0o600) - if err != nil { - t.Fatalf("Failed create cert file, %v", err) - } + certFile := helpers.WriteCertFiles(t, tmpDir, certContents) + nonPEMFile := helpers.WriteCertFiles(t, tmpDir, certNonPemContents) testCases := []struct { testName string diff --git a/internal/watcher/instance/nginx_config_parser_test.go b/internal/watcher/instance/nginx_config_parser_test.go index e4c493e530..64a2c725a9 100644 --- a/internal/watcher/instance/nginx_config_parser_test.go +++ b/internal/watcher/instance/nginx_config_parser_test.go 
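Review bot: `certNonPemContents` depends on `Type: ""` making `helpers.WriteCertFiles` write the raw certificate bytes without PEM armor, and nothing in the hunk states that now that the `// write non-PEM data to file` comment is removed. The helper is outside this diff; if it PEM-encodes with an empty label instead, the negative case would no longer exercise non-PEM input, so that behaviour should be confirmed. I would restore the intent next to the literal, e.g. `// Type "" => WriteCertFiles writes the raw bytes, producing a non-PEM file`. The same convention is used for `nginx.cert` in the TestNginxConfigParser_sslCert hunk.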
@@ -346,19 +346,23 @@ func TestNginxConfigParser_sslCert(t *testing.T) { ctx := context.Background() dir := t.TempDir() - file1 := helpers.CreateFileWithErrorCheck(t, dir, "nginx-1.conf") - defer helpers.RemoveFileWithErrorCheck(t, file1.Name()) + _, cert := helpers.GenerateSelfSignedCert(t) + + certContents := helpers.Cert{Name: "nginx.cert", Type: "", Contents: cert} + + certFile := helpers.WriteCertFiles(t, dir, certContents) + require.NotNil(t, certFile) // Not in allowed directory nginxConfig := NewNginxConfigParser(types.AgentConfig()) nginxConfig.agentConfig.AllowedDirectories = []string{} - sslCert := nginxConfig.sslCert(ctx, file1.Name(), dir) + sslCert := nginxConfig.sslCert(ctx, certFile, dir) assert.Nil(t, sslCert) // In allowed directory nginxConfig.agentConfig.AllowedDirectories = []string{dir} - sslCert = nginxConfig.sslCert(ctx, file1.Name(), dir) - assert.Equal(t, file1.Name(), sslCert.GetFileMeta().GetName()) + sslCert = nginxConfig.sslCert(ctx, certFile, dir) + assert.Equal(t, certFile, sslCert.GetFileMeta().GetName()) } func TestNginxConfigParser_urlsForLocationDirective(t *testing.T) { diff --git a/pkg/files/file_helpers_test.go b/pkg/files/file_helpers_test.go index 935c77e078..9e1baba1e1 100644 --- a/pkg/files/file_helpers_test.go +++ b/pkg/files/file_helpers_test.go 
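Review bot: `require.NotNil(t, certFile)` cannot fail, because `certFile` is handed to `sslCert` and compared with `GetName()` as a path string, and a string value is never nil; `require.NotEmpty(t, certFile)` is the check that would catch a helper returning no path. In the allowed-directory case, a `require.NotNil(t, sslCert)` before `sslCert.GetFileMeta()` would make a rejected or unparsable file fail with a clear message. The denied case only covers an empty `AllowedDirectories`; a case where the list names a different directory than the one holding the certificate would exercise the path restriction more directly.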
@@ -39,15 +39,16 @@ func TestGetFileMeta(t *testing.T) { var file *os.File if tt.isCert { - file = helpers.CreateCertFileWithErrorCheck(t, tempDir, "cert.pem") - fileInfo, err := file.Stat() + _, cert := helpers.GenerateSelfSignedCert(t) + + certContents := helpers.Cert{Name: "cert.pem", Type: "CERTIFICATE", Contents: cert} + certFile := helpers.WriteCertFiles(t, tempDir, certContents) + require.NoError(t, err) - expected := protos.CertMeta(file.Name(), "") - expected.Size = fileInfo.Size() - fileMeta, err = FileMetaWithCertificate(file.Name()) - + expected = protos.CertMeta(certFile, "") + fileMeta, err = FileMetaWithCertificate(certFile) } else { - file := helpers.CreateFileWithErrorCheck(t, tempDir, "get_file_meta.txt") + file = helpers.CreateFileWithErrorCheck(t, tempDir, "get_file_meta.txt") expected = protos.FileMeta(file.Name(), "") fileMeta, err = FileMeta(file.Name()) } @@ -58,10 +59,11 @@ func TestGetFileMeta(t *testing.T) { assert.Equal(t, expected.GetName(), fileMeta.GetName()) assert.NotEmpty(t, fileMeta.GetHash()) assert.Equal(t, expected.GetPermissions(), fileMeta.GetPermissions()) - assert.Equal(t, expected.GetSize(), fileMeta.GetSize()) assert.NotNil(t, fileMeta.GetModifiedTime()) - helpers.RemoveFileWithErrorCheck(t, file.Name()) + if file != nil { + helpers.RemoveFileWithErrorCheck(t, file.Name()) + } }) } } @@ -225,4 +227,3 @@ func TestConvertX509SignatureAlgorithm(t *testing.T) { }) } } - diff --git a/test/helpers/os_utils.go b/test/helpers/os_utils.go index b1c8155f6d..5ff3dc9462 100644 --- a/test/helpers/os_utils.go +++ b/test/helpers/os_utils.go @@ -6,15 +6,8 @@ package helpers import ( - "crypto/rand" - "crypto/rsa" - "crypto/x509" - "crypto/x509/pkix" - "encoding/pem" - "math/big" "os" "testing" - "time" "github.com/stretchr/testify/require" ) 
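Review bot: `require.NoError(t, err)` in the `tt.isCert` branch now runs before anything in that branch assigns `err`; it used to check the error from `file.Stat()`, which this change removes, so the assertion is vacuous and only sees whatever the outer `err` already holds. Either drop it or move it after the call, i.e. `fileMeta, err = FileMetaWithCertificate(certFile)` followed by `require.NoError(t, err)`. The lines between this hunk and the next one are not shown, so an existing check there may already cover the call's error.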
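Review bot: Removing `assert.Equal(t, expected.GetSize(), fileMeta.GetSize())` in the `@@ -58,10 +59,11 @@` hunk leaves the size field of the returned metadata unchecked for both the certificate and the plain-file case. The size can still be pinned without the `*os.File` by stat-ing the path in the cert branch: `info, statErr := os.Stat(certFile)`, `require.NoError(t, statErr)`, `expected.Size = info.Size()`, and then keeping the original assertion. The enclosing subtest starts outside this hunk.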
@@ -40,38 +33,6 @@ func CreateFileWithErrorCheck(t testing.TB, dir, fileName string) *os.File { return testConf } -func CreateCertFileWithErrorCheck(t testing.TB, dir, fileName string) *os.File { - key, err := rsa.GenerateKey(rand.Reader, 2048) - require.NoError(t, err) - - tmpl := x509.Certificate{ - NotBefore: time.Now(), - NotAfter: time.Now().AddDate(5, 0, 0), - SerialNumber: big.NewInt(123123), - Subject: pkix.Name{ - CommonName: "New Subject Name", - Organization: []string{"New Subject Org."}, - }, - Issuer: pkix.Name{ - CommonName: "New Issuer Name", - Organization: []string{"New Issuer Org."}, - }, - BasicConstraintsValid: true, - } - - cert, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, &key.PublicKey, key) - require.NoError(t, err) - - certPem := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert}) - - file := CreateFileWithErrorCheck(t, dir, "cert.pem") - - err = os.WriteFile(file.Name(), certPem, 0o600) - require.NoError(t, err) - - return file -} - func RemoveFileWithErrorCheck(t testing.TB, fileName string) { t.Helper()