consul/agent/rpc/peering/validate_test.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1

package peering

import (
	"errors"
	"testing"

	"github.com/stretchr/testify/require"

	"github.com/hashicorp/consul/agent/structs"
)

func TestValidatePeeringToken(t *testing.T) {
	type testCase struct {
		name    string
		token   *structs.PeeringToken
		wantErr error
	}

	tt := []testCase{
		{
			name:    "empty",
			token:   &structs.PeeringToken{},
			wantErr: errPeeringTokenEmptyServerAddresses,
		},
		{
			name: "empty CA",
			token: &structs.PeeringToken{
				CA: []string{},
			},
			wantErr: errPeeringTokenEmptyServerAddresses,
		},
		{
			name: "invalid CA",
			token: &structs.PeeringToken{
				CA: []string{"notavalidcert"},
			},
			wantErr: errors.New("peering token invalid CA: no PEM-encoded data found"),
		},
		{
			name: "invalid CA cert",
			token: &structs.PeeringToken{
				CA: []string{invalidCA},
			},
			wantErr: errors.New("peering token invalid CA: x509: malformed certificate"),
		},
		{
			name: "invalid address port",
			token: &structs.PeeringToken{
				CA:              []string{validCA},
				ServerAddresses: []string{"1.2.3.4"},
			},
			wantErr: &errPeeringInvalidServerAddress{
				"1.2.3.4",
			},
		},
		{
			name: "invalid address port - manual",
			token: &structs.PeeringToken{
				CA:                    []string{validCA},
				ManualServerAddresses: []string{"1.2.3.4"},
			},
			wantErr: &errPeeringInvalidServerAddress{
				"1.2.3.4",
			},
		},
		{
			name: "invalid server name",
			token: &structs.PeeringToken{
				CA:              []string{validCA},
				ServerAddresses: []string{"1.2.3.4:80"},
			},
			wantErr: errPeeringTokenEmptyServerName,
		},
		{
			name: "invalid peer ID",
			token: &structs.PeeringToken{
				CA:              []string{validCA},
				ServerAddresses: []string{validAddress},
				ServerName:      validServerName,
			},
			wantErr: errPeeringTokenEmptyPeerID,
		},
		{
			name: "valid token",
			token: &structs.PeeringToken{
				CA:              []string{validCA},
				ServerAddresses: []string{validAddress},
				ServerName:      validServerName,
				PeerID:          validPeerID,
			},
		},
		{
			name: "valid token with hostname address",
			token: &structs.PeeringToken{
				CA:              []string{validCA},
				ServerAddresses: []string{validHostnameAddress},
				ServerName:      validServerName,
				PeerID:          validPeerID,
			},
		},
	}

	for _, tc := range tt {
		t.Run(tc.name, func(t *testing.T) {
			err := validatePeeringToken(tc.token)
			if tc.wantErr != nil {
				if err == nil {
					t.Error("expected error but got nil")
					return
				}
				require.Contains(t, err.Error(), tc.wantErr.Error())
				return
			}
			require.NoError(t, err)
		})
	}
}