author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-05-31 16:18:56 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-05-31 16:18:56 +0200 |
commit | 628432bf640ef1c20c39718dcbb508e4a56bf8b8 (patch) | |
tree | 48142da36f0a1e716424dcfe5aaa27c9c963df8a /security-tools/src/test | |
parent | b0c953ea8f0c6ad4e757797001de85639b3ccdda (diff) |
Add implementation of the 'vespa-security-env' tool
Diffstat (limited to 'security-tools/src/test')
4 files changed, 130 insertions, 0 deletions
diff --git a/security-tools/src/test/java/com/yahoo/vespa/security/tool/securityenv/MainTest.java b/security-tools/src/test/java/com/yahoo/vespa/security/tool/securityenv/MainTest.java
new file mode 100644
index 00000000000..6b25c2a2bce
--- /dev/null
+++ b/security-tools/src/test/java/com/yahoo/vespa/security/tool/securityenv/MainTest.java
@@ -0,0 +1,114 @@
+// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.security.tool.securityenv;
+
+import com.yahoo.security.tls.MixedMode;
+import com.yahoo.security.tls.TransportSecurityOptions;
+import com.yahoo.security.tls.TransportSecurityUtils;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.PrintStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.List;
+import java.util.Map;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+
+/**
+ * @author bjorncs
+ */
+public class MainTest {
+
+ private final ByteArrayOutputStream stdOutBytes = new ByteArrayOutputStream();
+ private final ByteArrayOutputStream stdErrBytes = new ByteArrayOutputStream();
+ private final PrintStream stdOut = new PrintStream(stdOutBytes);
+ private final PrintStream stdError = new PrintStream(stdErrBytes);
+
+ @Rule
+ public TemporaryFolder tmpFolder = new TemporaryFolder();
+
+ @Test
+ public void prints_help_page_on_help_option() throws IOException {
+ int exitCode = runMain(List.of("--help"), Map.of());
+ assertThat(exitCode).isEqualTo(0);
+ assertThat(stdOut()).isEqualTo(readTestResource("expected-help-output.txt"));
+ }
+
+ @Test
+ public void prints_no_output_when_no_security_config() {
+ int exitCode = runMain(List.of(), Map.of());
+ assertThat(exitCode).isEqualTo(0);
+ assertThat(stdErr()).isEmpty();
+ }
+
+ @Test
+ public void prints_security_variables_with_specified_shell() throws IOException {
+ Path configFile = generateConfigFile();
+ Map<String, String> env = Map.of(TransportSecurityUtils.CONFIG_FILE_ENVIRONMENT_VARIABLE, configFile.toString());
+ int exitCode = runMain(List.of(), env);
+ assertThat(exitCode).isEqualTo(0);
+ assertThat(stdOut()).isEqualTo(readTestResource("bash-output.txt"));
+ }
+
+ @Test
+ public void prints_security_variables_with_auto_detected_shell() throws IOException {
+ Path configFile = generateConfigFile();
+ Map<String, String> env = Map.of(
+ TransportSecurityUtils.CONFIG_FILE_ENVIRONMENT_VARIABLE, configFile.toString(),
+ TransportSecurityUtils.INSECURE_MIXED_MODE_ENVIRONMENT_VARIABLE, MixedMode.TLS_CLIENT_MIXED_SERVER.configValue(),
+ "SHELL", "/usr/local/bin/fish");
+ int exitCode = runMain(List.of(), env);
+ assertThat(exitCode).isEqualTo(0);
+ assertThat(stdOut()).isEqualTo(readTestResource("csh-output.txt"));
+ }
+
+
+ @Test
+ public void prints_error_message_on_unknown_shell_name() {
+ int exitCode = runMain(List.of("--shell", "invalid-shell-name"), Map.of());
+ assertThat(exitCode).isEqualTo(1);
+ assertThat(stdErr()).isEqualTo("Invalid command line arguments: Unknown shell: invalid-shell-name\n");
+ }
+
+ @Test
+ public void prints_error_message_on_unknown_command_line_parameter() {
+ int exitCode = runMain(List.of("--unknown-parameter"), Map.of());
+ assertThat(exitCode).isEqualTo(1);
+ assertThat(stdErr()).isEqualTo("Failed to parse command line arguments: Unrecognized option: --unknown-parameter\n");
+ }
+
+ private int runMain(List<String> args, Map<String, String> env) {
+ return new Main(stdOut, stdError).execute(args.toArray(new String[0]), env);
+ }
+
+ private String stdOut() {
+ stdOut.flush();
+ return stdOutBytes.toString();
+ }
+
+ private String stdErr() {
+ stdError.flush();
+ return stdErrBytes.toString();
+ }
+
+ private static String readTestResource(String fileName) throws IOException {
+ return Files.readString(Paths.get(MainTest.class.getResource('/' + fileName).getFile()));
+ }
+
+ private Path generateConfigFile() throws IOException {
+ TransportSecurityOptions options = new TransportSecurityOptions.Builder()
+ .withCertificates(Paths.get("/path/to/certificate"), Paths.get("/path/to/key"))
+ .withCaCertificates(Paths.get("/path/to/cacerts"))
+ .build();
+ Path configFile = tmpFolder.newFile().toPath();
+ options.toJsonFile(configFile);
+ return configFile;
+ }
+
+}
\ No newline at end of file
diff --git a/security-tools/src/test/resources/bash-output.txt b/security-tools/src/test/resources/bash-output.txt
new file mode 100644
index 00000000000..9d603883953
--- /dev/null
+++ b/security-tools/src/test/resources/bash-output.txt
@@ -0,0 +1,3 @@
+VESPA_TLS_CA_CERT=/path/to/cacerts; export VESPA_TLS_CA_CERT;
+VESPA_TLS_CERT=/path/to/certificate; export VESPA_TLS_CERT;
+VESPA_TLS_PRIVATE_KEY=/path/to/key; export VESPA_TLS_PRIVATE_KEY;
diff --git a/security-tools/src/test/resources/csh-output.txt b/security-tools/src/test/resources/csh-output.txt
new file mode 100644
index 00000000000..6db3e613d90
--- /dev/null
+++ b/security-tools/src/test/resources/csh-output.txt
@@ -0,0 +1,3 @@
+setenv VESPA_TLS_CA_CERT /path/to/cacerts;
+setenv VESPA_TLS_CERT /path/to/certificate;
+setenv VESPA_TLS_PRIVATE_KEY /path/to/key;
diff --git a/security-tools/src/test/resources/expected-help-output.txt b/security-tools/src/test/resources/expected-help-output.txt
new file mode 100644
index 00000000000..e16f1b1dab0
--- /dev/null
+++ b/security-tools/src/test/resources/expected-help-output.txt
@@ -0,0 +1,10 @@
+usage: vespa-security-env <options>
+Generates shell commands that defines environments variables based on the
+content of VESPA_TLS_CONFIG_FILE.
+ -h,--help Show help
+ -s,--shell <arg> Shell type. Shell type is auto-detected if option not
+ present. Valid values: ['bourne', 'cshell'].
+The output may include the following variables:
+ - 'VESPA_TLS_CA_CERT': Path to CA certificates file
+ - 'VESPA_TLS_CERT': Path to certificate file
+ - 'VESPA_TLS_PRIVATE_KEY': Path to private key file |
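Review bot: `prints_security_variables_with_specified_shell` in MainTest.java never specifies a shell: it calls `runMain(List.of(), env)` with no `--shell` argument and no `SHELL` entry in `env`, so it only exercises whatever the tool's default is. Passing the option, e.g. `int exitCode = runMain(List.of("--shell", "bourne"), env);`, would make the test match its name, and a sibling case with `"cshell"` checked against `csh-output.txt` would cover the other value the help text lists as valid. In the same class, `prints_no_output_when_no_security_config` asserts only on `stdErr()`; adding `assertThat(stdOut()).isEmpty();` would pin the behaviour the name describes.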
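Review bot: The expected lines in bash-output.txt, and likewise in csh-output.txt, pin the path values as unquoted shell words (`VESPA_TLS_CA_CERT=/path/to/cacerts; export VESPA_TLS_CA_CERT;`), and the only inputs the tests supply are plain `/path/to/...` strings. The help fixture describes the output as shell commands, presumably meant to be evaluated by the caller's shell, so a configured path containing a space, `;` or `$` would change what that shell executes unless `Main` quotes the value; `Main` is not part of this test-only diff, so its behaviour cannot be confirmed from here. Consider adding a test whose config file uses a path with a space and a fixture that expects the quoted form, for example (constructed sample) `VESPA_TLS_CA_CERT='/path/with space/cacerts'; export VESPA_TLS_CA_CERT;`, so the quoting contract is fixed by a test rather than left implicit.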