1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
# frozen_string_literal: true
# rubocop:todo all
require 'mongo'
require 'lite_spec_helper'
describe Mongo::Crypt::KMS do
context 'Validations' do
context '.validate_tls_options' do
it 'returns valid options for nil parameter' do
expect(
Mongo::Crypt::KMS::Validations.validate_tls_options(nil)
).to eq({})
end
it 'accepts empty hash' do
expect(
Mongo::Crypt::KMS::Validations.validate_tls_options({})
).to eq({})
end
it 'does not allow disabled ssl' do
expect {
Mongo::Crypt::KMS::Validations.validate_tls_options(
{
aws: {ssl: false}
}
)
}.to raise_error(ArgumentError, /TLS is required/)
end
it 'does not allow insecure tls options' do
%i(
ssl_verify_certificate
ssl_verify_hostname
).each do |insecure_opt|
expect {
Mongo::Crypt::KMS::Validations.validate_tls_options(
{
aws: {insecure_opt => false}
}
)
}.to raise_error(ArgumentError, /Insecure TLS options prohibited/)
end
end
it 'allows valid options' do
expect do
Mongo::Crypt::KMS::Validations.validate_tls_options(
{
aws: {
ssl: true,
ssl_cert_string: 'Content is not validated',
ssl_verify_ocsp_endpoint: false
}
}
)
end.not_to raise_error
end
end
end
end
|
