package federation_test
import (
"context"
"testing"
"time"
"github.com/spiffe/go-spiffe/v2/bundle/spiffebundle"
"github.com/spiffe/go-spiffe/v2/federation"
"github.com/spiffe/go-spiffe/v2/internal/test"
"github.com/spiffe/go-spiffe/v2/internal/test/fakebundleendpoint"
"github.com/stretchr/testify/assert"
)
// TestWatchBundle_OnUpdate checks that WatchBundle hands each bundle served by
// the endpoint to the watcher's OnUpdate, never calls OnError, and returns
// context.Canceled once the watcher cancels the context.
func TestWatchBundle_OnUpdate(t *testing.T) {
	// Two separately created CAs yield two distinct bundles; the different
	// refresh hints let fakewatcher.NextRefresh verify which bundle's hint
	// WatchBundle reports.
	first := test.NewCA(t, td).Bundle()
	first.SetRefreshHint(time.Second)

	second := test.NewCA(t, td).Bundle()
	second.SetRefreshHint(2 * time.Second)

	// NOTE(review): the assertions below expect the endpoint to serve the
	// bundles in the order given here — confirm against fakebundleendpoint.
	endpoint := fakebundleendpoint.New(t, fakebundleendpoint.WithTestBundles(first, second))
	defer endpoint.Shutdown()

	ctx, stop := context.WithCancel(context.Background())

	w := &fakewatcher{
		t:               t,
		nextRefresh:     time.Second,
		expectedBundles: []*spiffebundle.Bundle{first, second},
		latestBundle:    &spiffebundle.Bundle{},
	}
	// The hook reads the watcher's own counter, so it is attached after the
	// watcher exists. It stops the watch only after the second update.
	w.cancel = func() {
		if w.onUpdateCalls > 1 {
			stop()
		}
	}

	// The endpoint's own root CAs are supplied through WithWebPKIRoots, so
	// the fetch trusts only the fake endpoint's certificate chain.
	err := federation.WatchBundle(
		ctx,
		td,
		endpoint.FetchBundleURL(),
		w,
		federation.WithWebPKIRoots(endpoint.RootCAs()),
	)

	assert.Equal(t, 2, w.onUpdateCalls)
	assert.Equal(t, 0, w.onErrorCalls)
	assert.Equal(t, context.Canceled, err)
}
// TestWatchBundle_OnError checks that a fetch failure is reported through
// OnError exactly once, that OnUpdate is never called, and that WatchBundle
// returns context.Canceled after the watcher cancels the context.
func TestWatchBundle_OnError(t *testing.T) {
	// A URL without a scheme, so the GET fails before any connection is made.
	const badURL = "wrong url"

	ctx, stop := context.WithCancel(context.Background())

	w := &fakewatcher{
		t:           t,
		nextRefresh: time.Second,
		// expectedErr is matched as a regular expression (see OnError); the
		// optional quotes presumably absorb differences in how the URL is
		// quoted across Go releases — confirm if the pattern is tightened.
		expectedErr:  `federation: could not GET bundle: Get "?wrong%20url"?: unsupported protocol scheme ""`,
		cancel:       stop,
		latestBundle: &spiffebundle.Bundle{},
	}

	err := federation.WatchBundle(ctx, td, badURL, w)

	assert.Equal(t, 0, w.onUpdateCalls)
	assert.Equal(t, 1, w.onErrorCalls)
	assert.Equal(t, context.Canceled, err)
}
// TestWatchBundle_NilWatcher checks that WatchBundle rejects a nil watcher
// with a descriptive error.
func TestWatchBundle_NilWatcher(t *testing.T) {
	ctx := context.Background()

	err := federation.WatchBundle(ctx, td, "some url", nil)

	assert.EqualError(t, err, "federation: watcher cannot be nil")
}
// TestWatchBundle_FetchBundleCanceled checks that WatchBundle returns
// context.Canceled when its context is already canceled before the call.
func TestWatchBundle_FetchBundleCanceled(t *testing.T) {
	endpoint := fakebundleendpoint.New(t)
	defer endpoint.Shutdown()

	// Cancel up front so the watch starts with a dead context.
	ctx, stop := context.WithCancel(context.Background())
	stop()

	// This watcher has no cancel hook, so OnUpdate or OnError would panic on
	// the nil func: the test therefore also fails if WatchBundle invokes
	// either callback after cancellation.
	w := &fakewatcher{
		t:           t,
		nextRefresh: time.Second,
	}

	err := federation.WatchBundle(
		ctx,
		td,
		endpoint.FetchBundleURL(),
		w,
		federation.WithWebPKIRoots(endpoint.RootCAs()),
	)

	assert.Equal(t, context.Canceled, err)
}
// fakewatcher is the test double passed to federation.WatchBundle as its
// watcher. It asserts on every callback and counts the calls so tests can
// check how often each one fired.
type fakewatcher struct {
	// t receives the assertion failures raised inside the callbacks.
	t *testing.T

	// Expectations and behaviour configured by each test.

	// nextRefresh is the value NextRefresh always returns.
	nextRefresh time.Duration
	// expectedBundles lists the bundles OnUpdate should receive, indexed by
	// call number.
	expectedBundles []*spiffebundle.Bundle
	// expectedErr is a regular expression the OnError message must match.
	expectedErr string
	// cancel is invoked at the end of every OnUpdate and OnError call.
	cancel context.CancelFunc

	// State recorded while the watch runs.

	// latestBundle is the bundle most recently passed to OnUpdate; its
	// refresh hint is what NextRefresh expects to be given.
	latestBundle *spiffebundle.Bundle
	// onUpdateCalls counts OnUpdate invocations.
	onUpdateCalls int
	// onErrorCalls counts OnError invocations.
	onErrorCalls int
}
// NextRefresh asserts that the refresh hint it is given matches the hint of
// the latest bundle seen by OnUpdate (zero when that bundle carries none),
// then returns the configured nextRefresh.
func (w *fakewatcher) NextRefresh(refreshHint time.Duration) time.Duration {
	// Default expectation when the latest bundle has no refresh hint.
	want := time.Duration(0)
	if hint, ok := w.latestBundle.RefreshHint(); ok {
		want = hint
	}
	assert.Equal(w.t, want, refreshHint)

	return w.nextRefresh
}
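// OnUpdate records the delivered bundle as the latest one, checks it against
// the bundle expected for this call number, counts the call, and invokes the
// test's cancel hook.
func (w *fakewatcher) OnUpdate(bundle *spiffebundle.Bundle) {
	w.latestBundle = bundle

	// An update beyond the expected list (including any update in a test that
	// expects none) is reported as an ordinary test failure rather than an
	// index-out-of-range panic, so the output names the real cause: a bundle
	// was delivered that the test did not anticipate.
	if w.onUpdateCalls < len(w.expectedBundles) {
		assert.Equal(w.t, w.expectedBundles[w.onUpdateCalls], bundle)
	} else {
		w.t.Errorf("unexpected OnUpdate call #%d: only %d bundle(s) expected",
			w.onUpdateCalls+1, len(w.expectedBundles))
	}

	w.onUpdateCalls++
	w.cancel()
}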
// OnError asserts that the reported error's message matches the expectedErr
// regular expression, counts the call, and invokes the test's cancel hook.
func (w *fakewatcher) OnError(err error) {
	got := err.Error()

	// expectedErr is treated as a pattern, not a literal string; an empty
	// pattern matches any message.
	assert.Regexp(w.t, w.expectedErr, got)

	w.onErrorCalls++
	w.cancel()
}