// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package troubleshoot
import (
"testing"
"time"
envoy_admin_v3 "github.com/envoyproxy/go-control-plane/envoy/admin/v3"
"github.com/stretchr/testify/require"
"google.golang.org/protobuf/types/known/timestamppb"
)
func TestValidateCerts ( t * testing . T ) {
t . Parallel ( )
anHourAgo := timestamppb . New ( time . Now ( ) . Add ( - 1 * time . Hour ) )
cases := map [ string ] struct {
certs * envoy_admin_v3 . Certificates
expectedError string
} {
"cert is nil" : {
certs : nil ,
expectedError : "Certificate object is nil in the proxy configuration" ,
} ,
"no certificates" : {
certs : & envoy_admin_v3 . Certificates {
Certificates : [ ] * envoy_admin_v3 . Certificate { } ,
} ,
expectedError : "No certificates found" ,
} ,
"ca expired" : {
certs : & envoy_admin_v3 . Certificates {
Certificates : [ ] * envoy_admin_v3 . Certificate {
{
CaCert : [ ] * envoy_admin_v3 . CertificateDetails {
{
ExpirationTime : anHourAgo ,
} ,
} ,
} ,
} ,
} ,
expectedError : "CA certificate is expired" ,
} ,
"cert expired" : {
certs : & envoy_admin_v3 . Certificates {
Certificates : [ ] * envoy_admin_v3 . Certificate {
{
CertChain : [ ] * envoy_admin_v3 . CertificateDetails {
{
ExpirationTime : anHourAgo ,
} ,
} ,
} ,
} ,
} ,
expectedError : "Certificate chain is expired" ,
} ,
}
ts := Troubleshoot { }
for name , tc := range cases {
t . Run ( name , func ( t * testing . T ) {
messages := ts . validateCerts ( tc . certs )
var outputErrors string
for _ , msgError := range messages . Errors ( ) {
outputErrors += msgError . Message
for _ , action := range msgError . PossibleActions {
outputErrors += action
}
}
if tc . expectedError == "" {
require . True ( t , messages . Success ( ) )
} else {
require . Contains ( t , outputErrors , tc . expectedError )
}
} )
}
}
