authorBjørn Christian Seime <bjorncs@verizonmedia.com>2019-05-31 16:18:56 +0200
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2019-05-31 16:18:56 +0200
commit628432bf640ef1c20c39718dcbb508e4a56bf8b8 (patch)
tree48142da36f0a1e716424dcfe5aaa27c9c963df8a /security-tools/src/test
parentb0c953ea8f0c6ad4e757797001de85639b3ccdda (diff)
Add implementation of the 'vespa-security-env' tool
Diffstat (limited to 'security-tools/src/test')
-rw-r--r--security-tools/src/test/java/com/yahoo/vespa/security/tool/securityenv/MainTest.java114
-rw-r--r--security-tools/src/test/resources/bash-output.txt3
-rw-r--r--security-tools/src/test/resources/csh-output.txt3
-rw-r--r--security-tools/src/test/resources/expected-help-output.txt10
4 files changed, 130 insertions, 0 deletions
diff --git a/security-tools/src/test/java/com/yahoo/vespa/security/tool/securityenv/MainTest.java b/security-tools/src/test/java/com/yahoo/vespa/security/tool/securityenv/MainTest.java
new file mode 100644
index 00000000000..6b25c2a2bce
--- /dev/null
+++ b/security-tools/src/test/java/com/yahoo/vespa/security/tool/securityenv/MainTest.java
@@ -0,0 +1,114 @@
+// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.security.tool.securityenv;
+
+import com.yahoo.security.tls.MixedMode;
+import com.yahoo.security.tls.TransportSecurityOptions;
+import com.yahoo.security.tls.TransportSecurityUtils;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.PrintStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.List;
+import java.util.Map;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+
+/**
+ * @author bjorncs
+ */
+public class MainTest {
+
+ private final ByteArrayOutputStream stdOutBytes = new ByteArrayOutputStream();
+ private final ByteArrayOutputStream stdErrBytes = new ByteArrayOutputStream();
+ private final PrintStream stdOut = new PrintStream(stdOutBytes);
+ private final PrintStream stdError = new PrintStream(stdErrBytes);
+
+ @Rule
+ public TemporaryFolder tmpFolder = new TemporaryFolder();
+
+ @Test
+ public void prints_help_page_on_help_option() throws IOException {
+ int exitCode = runMain(List.of("--help"), Map.of());
+ assertThat(exitCode).isEqualTo(0);
+ assertThat(stdOut()).isEqualTo(readTestResource("expected-help-output.txt"));
+ }
+
+ @Test
+ public void prints_no_output_when_no_security_config() {
+ int exitCode = runMain(List.of(), Map.of());
+ assertThat(exitCode).isEqualTo(0);
+ assertThat(stdErr()).isEmpty();
+ }
+
+ @Test
+ public void prints_security_variables_with_specified_shell() throws IOException {
+ Path configFile = generateConfigFile();
+ Map<String, String> env = Map.of(TransportSecurityUtils.CONFIG_FILE_ENVIRONMENT_VARIABLE, configFile.toString());
+ int exitCode = runMain(List.of(), env);
+ assertThat(exitCode).isEqualTo(0);
+ assertThat(stdOut()).isEqualTo(readTestResource("bash-output.txt"));
+ }
+
+ @Test
+ public void prints_security_variables_with_auto_detected_shell() throws IOException {
+ Path configFile = generateConfigFile();
+ Map<String, String> env = Map.of(
+ TransportSecurityUtils.CONFIG_FILE_ENVIRONMENT_VARIABLE, configFile.toString(),
+ TransportSecurityUtils.INSECURE_MIXED_MODE_ENVIRONMENT_VARIABLE, MixedMode.TLS_CLIENT_MIXED_SERVER.configValue(),
+ "SHELL", "/usr/local/bin/fish");
+ int exitCode = runMain(List.of(), env);
+ assertThat(exitCode).isEqualTo(0);
+ assertThat(stdOut()).isEqualTo(readTestResource("csh-output.txt"));
+ }
+
+
+ @Test
+ public void prints_error_message_on_unknown_shell_name() {
+ int exitCode = runMain(List.of("--shell", "invalid-shell-name"), Map.of());
+ assertThat(exitCode).isEqualTo(1);
+ assertThat(stdErr()).isEqualTo("Invalid command line arguments: Unknown shell: invalid-shell-name\n");
+ }
+
+ @Test
+ public void prints_error_message_on_unknown_command_line_parameter() {
+ int exitCode = runMain(List.of("--unknown-parameter"), Map.of());
+ assertThat(exitCode).isEqualTo(1);
+ assertThat(stdErr()).isEqualTo("Failed to parse command line arguments: Unrecognized option: --unknown-parameter\n");
+ }
+
+ private int runMain(List<String> args, Map<String, String> env) {
+ return new Main(stdOut, stdError).execute(args.toArray(new String[0]), env);
+ }
+
+ private String stdOut() {
+ stdOut.flush();
+ return stdOutBytes.toString();
+ }
+
+ private String stdErr() {
+ stdError.flush();
+ return stdErrBytes.toString();
+ }
+
+ private static String readTestResource(String fileName) throws IOException {
+ return Files.readString(Paths.get(MainTest.class.getResource('/' + fileName).getFile()));
+ }
+
+ private Path generateConfigFile() throws IOException {
+ TransportSecurityOptions options = new TransportSecurityOptions.Builder()
+ .withCertificates(Paths.get("/path/to/certificate"), Paths.get("/path/to/key"))
+ .withCaCertificates(Paths.get("/path/to/cacerts"))
+ .build();
+ Path configFile = tmpFolder.newFile().toPath();
+ options.toJsonFile(configFile);
+ return configFile;
+ }
+
+} \ No newline at end of file
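Review bot: `prints_security_variables_with_specified_shell` never specifies a shell: it calls `runMain(List.of(), env)` with no `SHELL` entry in `env`, so it exercises whatever Main falls back to when neither is given, and no test in this class covers a valid `--shell` value. Passing `List.of("--shell", "bourne")` would make the test match its name. In the same way, `prints_no_output_when_no_security_config` checks only `stdErr()`; adding `assertThat(stdOut()).isEmpty();` would pin the behaviour the name describes.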
diff --git a/security-tools/src/test/resources/bash-output.txt b/security-tools/src/test/resources/bash-output.txt
new file mode 100644
index 00000000000..9d603883953
--- /dev/null
+++ b/security-tools/src/test/resources/bash-output.txt
@@ -0,0 +1,3 @@
+VESPA_TLS_CA_CERT=/path/to/cacerts; export VESPA_TLS_CA_CERT;
+VESPA_TLS_CERT=/path/to/certificate; export VESPA_TLS_CERT;
+VESPA_TLS_PRIVATE_KEY=/path/to/key; export VESPA_TLS_PRIVATE_KEY;
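Review bot: The expected lines emit the configured paths unquoted (`VESPA_TLS_CERT=/path/to/certificate; export VESPA_TLS_CERT;`), and every fixture path is a plain token, so nothing pins how a path containing a space or a shell metacharacter is rendered. The help text describes the output as shell commands, presumably to be evaluated by the caller's shell, in which case an unquoted value taken from VESPA_TLS_CONFIG_FILE would be interpreted by that shell. The generator is outside this diff, so this may already be handled. A test case with a path such as `/path/with space/key` and an expected line like `VESPA_TLS_PRIVATE_KEY='/path/with space/key'; export VESPA_TLS_PRIVATE_KEY;` would settle it. The same applies to csh-output.txt.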
diff --git a/security-tools/src/test/resources/csh-output.txt b/security-tools/src/test/resources/csh-output.txt
new file mode 100644
index 00000000000..6db3e613d90
--- /dev/null
+++ b/security-tools/src/test/resources/csh-output.txt
@@ -0,0 +1,3 @@
+setenv VESPA_TLS_CA_CERT /path/to/cacerts;
+setenv VESPA_TLS_CERT /path/to/certificate;
+setenv VESPA_TLS_PRIVATE_KEY /path/to/key;
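Review bot: The expected output has no line for the insecure mixed-mode setting, although the test that reads this file (`prints_security_variables_with_auto_detected_shell`) puts `TransportSecurityUtils.INSECURE_MIXED_MODE_ENVIRONMENT_VARIABLE` into the environment. The test therefore passes whether Main reads that variable or ignores it. If the tool is meant to leave it out, a comment in the test such as `// mixed mode is deliberately not exported` would record that; otherwise the expected line is missing here. The test also maps `SHELL=/usr/local/bin/fish` to this `setenv` form, which deserves a one-line comment explaining why fish is grouped with cshell.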
diff --git a/security-tools/src/test/resources/expected-help-output.txt b/security-tools/src/test/resources/expected-help-output.txt
new file mode 100644
index 00000000000..e16f1b1dab0
--- /dev/null
+++ b/security-tools/src/test/resources/expected-help-output.txt
@@ -0,0 +1,10 @@
+usage: vespa-security-env <options>
+Generates shell commands that defines environments variables based on the
+content of VESPA_TLS_CONFIG_FILE.
+ -h,--help Show help
+ -s,--shell <arg> Shell type. Shell type is auto-detected if option not
+ present. Valid values: ['bourne', 'cshell'].
+The output may include the following variables:
+ - 'VESPA_TLS_CA_CERT': Path to CA certificates file
+ - 'VESPA_TLS_CERT': Path to certificate file
+ - 'VESPA_TLS_PRIVATE_KEY': Path to private key file