-
Notifications
You must be signed in to change notification settings - Fork 144
Expand file tree
/
Copy pathgocb_utils_test.go
More file actions
103 lines (93 loc) · 2.81 KB
/
gocb_utils_test.go
File metadata and controls
103 lines (93 loc) · 2.81 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
// Copyright 2022-Present Couchbase, Inc.
//
// Use of this software is governed by the Business Source License included
// in the file licenses/BSL-Couchbase.txt. As of the Change Date specified
// in that file, in accordance with the Business Source License, use of this
// software will be governed by the Apache License, Version 2.0, included in
// the file licenses/APL2.txt.
package base
import (
"testing"
"github.com/couchbase/gocb/v2"
"github.com/stretchr/testify/require"
"github.com/stretchr/testify/assert"
)
func TestGoCBv2SecurityConfig(t *testing.T) {
// Mock fake root CA and client certificates for verification
_, _, rootCertPath, _ := mockCertificatesAndKeys(t)
tests := []struct {
name string
tlsSkipVerify *bool
caCertPath string
expectCertPool bool // True if should not be empty, false if nil (true on windows asserts empty due to no System Root Pool)
expectError bool
}{
{
name: "TLS Skip Verify",
tlsSkipVerify: Ptr(true),
caCertPath: "",
expectCertPool: false,
expectError: false,
},
{
name: "File does not exist",
tlsSkipVerify: Ptr(false),
caCertPath: "/var/lib/couchbase/unknown.root.ca.pem",
expectCertPool: false,
expectError: true,
},
{
name: "Normal CA",
tlsSkipVerify: Ptr(false),
caCertPath: rootCertPath,
expectCertPool: true,
expectError: false,
},
{
name: "Normal CA, TLSSkipVerify not set",
tlsSkipVerify: nil,
caCertPath: rootCertPath,
expectCertPool: true,
expectError: false,
},
{
name: "Get root pool",
tlsSkipVerify: nil,
caCertPath: "",
expectCertPool: true,
expectError: false,
},
}
//
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
sc, err := GoCBv2SecurityConfig(TestCtx(t), test.tlsSkipVerify, test.caCertPath)
if test.expectError {
assert.Error(t, err)
assert.Nil(t, sc.TLSRootCAs)
return
}
require.NotNil(t, sc)
expectTLSSkipVerify := false
if test.tlsSkipVerify != nil {
expectTLSSkipVerify = *test.tlsSkipVerify
}
assert.Equal(t, expectTLSSkipVerify, sc.TLSSkipVerify)
if test.expectCertPool == false {
assert.Nil(t, sc.TLSRootCAs)
} else { // Expect populated cert pool
assert.NotEmpty(t, sc.TLSRootCAs)
}
})
}
}
// Regression test for CBG-2230. Ensure that we return an error, rather than nil/nil, when given an invalid path to
// x.509 certs.
func TestGoCBCoreAuthConfigInvalidPaths(t *testing.T) {
_, err := GoCBCoreAuthConfig("", "", "/non/existent/cert", "/non/existent/key")
assert.Error(t, err)
}
func TestGoCBRetryStrategy(t *testing.T) {
assert.IsType(t, &goCBv2FailFastRetryStrategy{}, goCBRetryStrategy(true))
assert.IsType(t, gocb.NewBestEffortRetryStrategy(nil), goCBRetryStrategy(false))
}