pkg/config/security/security_test.go - dubbo-go-pixiu - Git at Google

 // Copyright Istio Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package security_test

 import (
 	"reflect"
 	"testing"
 )

 import (
 	"github.com/apache/dubbo-go-pixiu/pkg/config/security"
 )

 func TestParseJwksURI(t *testing.T) {
 	cases := []struct {
 		in            string
 		expected      security.JwksInfo
 		expectedError bool
 	}{
 		{
 			in:            "foo.bar.com",
 			expectedError: true,
 		},
 		{
 			in:            "tcp://foo.bar.com:abc",
 			expectedError: true,
 		},
 		{
 			in:            "http://foo.bar.com:abc",
 			expectedError: true,
 		},
 		{
 			in: "http://foo.bar.com",
 			expected: security.JwksInfo{
 				Hostname: "foo.bar.com",
 				Scheme:   "http",
 				Port:     80,
 				UseSSL:   false,
 			},
 		},
 		{
 			in: "https://foo.bar.com",
 			expected: security.JwksInfo{
 				Hostname: "foo.bar.com",
 				Scheme:   "https",
 				Port:     443,
 				UseSSL:   true,
 			},
 		},
 		{
 			in: "http://foo.bar.com:1234",
 			expected: security.JwksInfo{
 				Hostname: "foo.bar.com",
 				Scheme:   "http",
 				Port:     1234,
 				UseSSL:   false,
 			},
 		},
 		{
 			in: "https://foo.bar.com:1234/secure/key",
 			expected: security.JwksInfo{
 				Hostname: "foo.bar.com",
 				Scheme:   "https",
 				Port:     1234,
 				UseSSL:   true,
 			},
 		},
 	}
 	for _, c := range cases {
 		actual, err := security.ParseJwksURI(c.in)
 		if c.expectedError == (err == nil) {
 			t.Fatalf("ParseJwksURI(%s): expected error (%v), got (%v)", c.in, c.expectedError, err)
 		}
 		if !reflect.DeepEqual(c.expected, actual) {
 			t.Fatalf("expected %+v, got %+v", c.expected, actual)
 		}
 	}
 }

 func TestValidateCondition(t *testing.T) {
 	cases := []struct {
 		key       string
 		values    []string
 		wantError bool
 	}{
 		{
 			key:       "request.headers[:authority]",
 			values:    []string{"productpage", ""},
 			wantError: true,
 		},
 		{
 			key:    "request.headers[:authority]",
 			values: []string{"productpage"},
 		},
 		{
 			key:       "request.headers[]",
 			values:    []string{"productpage"},
 			wantError: true,
 		},
 		{
 			key:    "source.ip",
 			values: []string{"1.2.3.4", "5.6.7.0/24"},
 		},
 		{
 			key:       "source.ip",
 			values:    []string{"a.b.c.d"},
 			wantError: true,
 		},
 		{
 			key:    "remote.ip",
 			values: []string{"1.2.3.4", "5.6.7.0/24"},
 		},
 		{
 			key:       "remote.ip",
 			values:    []string{"a.b.c.d"},
 			wantError: true,
 		},
 		{
 			key:    "source.namespace",
 			values: []string{"value"},
 		},
 		{
 			key:       "source.user",
 			values:    []string{"value"},
 			wantError: true,
 		},
 		{
 			key:    "source.principal",
 			values: []string{"value"},
 		},
 		{
 			key:    "request.auth.principal",
 			values: []string{"value"},
 		},
 		{
 			key:    "request.auth.audiences",
 			values: []string{"value"},
 		},
 		{
 			key:    "request.auth.presenter",
 			values: []string{"value"},
 		},
 		{
 			key:    "request.auth.claims[id]",
 			values: []string{"123"},
 		},
 		{
 			key:       "request.auth.claims[]",
 			values:    []string{"value"},
 			wantError: true,
 		},
 		{
 			key:    "destination.ip",
 			values: []string{"1.2.3.4", "5.6.7.0/24"},
 		},
 		{
 			key:       "destination.ip",
 			values:    []string{"a.b.c.d"},
 			wantError: true,
 		},
 		{
 			key:    "destination.port",
 			values: []string{"80", "90"},
 		},
 		{
 			key:       "destination.port",
 			values:    []string{"80", "x"},
 			wantError: true,
 		},
 		{
 			key:       "destination.labels[app]",
 			values:    []string{"value"},
 			wantError: true,
 		},
 		{
 			key:       "destination.name",
 			values:    []string{"value"},
 			wantError: true,
 		},
 		{
 			key:       "destination.namespace",
 			values:    []string{"value"},
 			wantError: true,
 		},
 		{
 			key:       "destination.user",
 			values:    []string{"value"},
 			wantError: true,
 		},
 		{
 			key:    "connection.sni",
 			values: []string{"value"},
 		},
 		{
 			key:    "experimental.envoy.filters.a.b[c]",
 			values: []string{"value"},
 		},
 		{
 			key:       "experimental.envoy.filters.a.b.x",
 			values:    []string{"value"},
 			wantError: true,
 		},
 	}
 	for _, c := range cases {
 		err := security.ValidateAttribute(c.key, c.values)
 		if c.wantError == (err == nil) {
 			t.Fatalf("ValidateAttribute(%s): want error (%v) but got (%v)", c.key, c.wantError, err)
 		}
 	}
 }
	// Copyright Istio Authors
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package security_test

	import (
	"reflect"
	"testing"
	)

	import (
	"github.com/apache/dubbo-go-pixiu/pkg/config/security"
	)

	func TestParseJwksURI(t *testing.T) {
	cases := []struct {
	in string
	expected security.JwksInfo
	expectedError bool
	}{
	{
	in: "foo.bar.com",
	expectedError: true,
	},
	{
	in: "tcp://foo.bar.com:abc",
	expectedError: true,
	},
	{
	in: "http://foo.bar.com:abc",
	expectedError: true,
	},
	{
	in: "http://foo.bar.com",
	expected: security.JwksInfo{
	Hostname: "foo.bar.com",
	Scheme: "http",
	Port: 80,
	UseSSL: false,
	},
	},
	{
	in: "https://foo.bar.com",
	expected: security.JwksInfo{
	Hostname: "foo.bar.com",
	Scheme: "https",
	Port: 443,
	UseSSL: true,
	},
	},
	{
	in: "http://foo.bar.com:1234",
	expected: security.JwksInfo{
	Hostname: "foo.bar.com",
	Scheme: "http",
	Port: 1234,
	UseSSL: false,
	},
	},
	{
	in: "https://foo.bar.com:1234/secure/key",
	expected: security.JwksInfo{
	Hostname: "foo.bar.com",
	Scheme: "https",
	Port: 1234,
	UseSSL: true,
	},
	},
	}
	for _, c := range cases {
	actual, err := security.ParseJwksURI(c.in)
	if c.expectedError == (err == nil) {
	t.Fatalf("ParseJwksURI(%s): expected error (%v), got (%v)", c.in, c.expectedError, err)
	}
	if !reflect.DeepEqual(c.expected, actual) {
	t.Fatalf("expected %+v, got %+v", c.expected, actual)
	}
	}
	}

	func TestValidateCondition(t *testing.T) {
	cases := []struct {
	key string
	values []string
	wantError bool
	}{
	{
	key: "request.headers[:authority]",
	values: []string{"productpage", ""},
	wantError: true,
	},
	{
	key: "request.headers[:authority]",
	values: []string{"productpage"},
	},
	{
	key: "request.headers[]",
	values: []string{"productpage"},
	wantError: true,
	},
	{
	key: "source.ip",
	values: []string{"1.2.3.4", "5.6.7.0/24"},
	},
	{
	key: "source.ip",
	values: []string{"a.b.c.d"},
	wantError: true,
	},
	{
	key: "remote.ip",
	values: []string{"1.2.3.4", "5.6.7.0/24"},
	},
	{
	key: "remote.ip",
	values: []string{"a.b.c.d"},
	wantError: true,
	},
	{
	key: "source.namespace",
	values: []string{"value"},
	},
	{
	key: "source.user",
	values: []string{"value"},
	wantError: true,
	},
	{
	key: "source.principal",
	values: []string{"value"},
	},
	{
	key: "request.auth.principal",
	values: []string{"value"},
	},
	{
	key: "request.auth.audiences",
	values: []string{"value"},
	},
	{
	key: "request.auth.presenter",
	values: []string{"value"},
	},
	{
	key: "request.auth.claims[id]",
	values: []string{"123"},
	},
	{
	key: "request.auth.claims[]",
	values: []string{"value"},
	wantError: true,
	},
	{
	key: "destination.ip",
	values: []string{"1.2.3.4", "5.6.7.0/24"},
	},
	{
	key: "destination.ip",
	values: []string{"a.b.c.d"},
	wantError: true,
	},
	{
	key: "destination.port",
	values: []string{"80", "90"},
	},
	{
	key: "destination.port",
	values: []string{"80", "x"},
	wantError: true,
	},
	{
	key: "destination.labels[app]",
	values: []string{"value"},
	wantError: true,
	},
	{
	key: "destination.name",
	values: []string{"value"},
	wantError: true,
	},
	{
	key: "destination.namespace",
	values: []string{"value"},
	wantError: true,
	},
	{
	key: "destination.user",
	values: []string{"value"},
	wantError: true,
	},
	{
	key: "connection.sni",
	values: []string{"value"},
	},
	{
	key: "experimental.envoy.filters.a.b[c]",
	values: []string{"value"},
	},
	{
	key: "experimental.envoy.filters.a.b.x",
	values: []string{"value"},
	wantError: true,
	},
	}
	for _, c := range cases {
	err := security.ValidateAttribute(c.key, c.values)
	if c.wantError == (err == nil) {
	t.Fatalf("ValidateAttribute(%s): want error (%v) but got (%v)", c.key, c.wantError, err)
	}
	}
	}