// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package security_test
import (
"reflect"
"testing"
)
import (
"github.com/apache/dubbo-go-pixiu/pkg/config/security"
)
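// TestParseJwksURI pins how security.ParseJwksURI splits a JWKS endpoint URI
// into hostname, scheme, port and TLS flag, and which inputs it must reject.
//
// Rejecting cases leave expected at its zero value, so the DeepEqual check
// also requires that a zero security.JwksInfo is returned with the error.
// Each case runs as its own subtest so one failure does not hide the others.
func TestParseJwksURI(t *testing.T) {
	cases := []struct {
		in            string
		expected      security.JwksInfo
		expectedError bool
	}{
		// Inputs that must be rejected.
		{
			// No scheme at all.
			in:            "foo.bar.com",
			expectedError: true,
		},
		{
			// Scheme other than http/https, with a non-numeric port.
			in:            "tcp://foo.bar.com:abc",
			expectedError: true,
		},
		{
			// Supported scheme but a non-numeric port.
			in:            "http://foo.bar.com:abc",
			expectedError: true,
		},
		// Default ports: 80 for http, 443 for https.
		{
			// NOTE(review): plain http is accepted and reported with
			// UseSSL=false. A key set fetched without TLS has no transport
			// integrity, so whether to allow it is presumably the caller's
			// decision; confirm against the callers of ParseJwksURI.
			in: "http://foo.bar.com",
			expected: security.JwksInfo{
				Hostname: "foo.bar.com",
				Scheme:   "http",
				Port:     80,
				UseSSL:   false,
			},
		},
		{
			in: "https://foo.bar.com",
			expected: security.JwksInfo{
				Hostname: "foo.bar.com",
				Scheme:   "https",
				Port:     443,
				UseSSL:   true,
			},
		},
		// An explicit port overrides the scheme default.
		{
			in: "http://foo.bar.com:1234",
			expected: security.JwksInfo{
				Hostname: "foo.bar.com",
				Scheme:   "http",
				Port:     1234,
				UseSSL:   false,
			},
		},
		{
			// The URI path is not part of the expected JwksInfo fields.
			in: "https://foo.bar.com:1234/secure/key",
			expected: security.JwksInfo{
				Hostname: "foo.bar.com",
				Scheme:   "https",
				Port:     1234,
				UseSSL:   true,
			},
		},
	}
	for _, c := range cases {
		t.Run(c.in, func(t *testing.T) {
			actual, err := security.ParseJwksURI(c.in)
			// Fails when an error was expected but none came back, or the reverse.
			if c.expectedError == (err == nil) {
				t.Fatalf("ParseJwksURI(%q): expected error (%v), got (%v)", c.in, c.expectedError, err)
			}
			if !reflect.DeepEqual(c.expected, actual) {
				t.Errorf("ParseJwksURI(%q): expected %+v, got %+v", c.in, c.expected, actual)
			}
		})
	}
}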
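// TestValidateCondition pins which authorization condition keys and values
// security.ValidateAttribute accepts and which it rejects. Despite its name,
// the function under test is ValidateAttribute.
//
// Each case runs as its own subtest and reports with Errorf, so a single
// regression does not hide the remaining accept/reject expectations.
func TestValidateCondition(t *testing.T) {
	cases := []struct {
		key       string
		values    []string
		wantError bool
	}{
		// Header conditions: an empty value or an empty header name is rejected.
		{
			key:       "request.headers[:authority]",
			values:    []string{"productpage", ""},
			wantError: true,
		},
		{
			key:    "request.headers[:authority]",
			values: []string{"productpage"},
		},
		{
			key:       "request.headers[]",
			values:    []string{"productpage"},
			wantError: true,
		},
		// IP conditions accept a single address or a CIDR range and reject
		// values that are not IP addresses.
		{
			key:    "source.ip",
			values: []string{"1.2.3.4", "5.6.7.0/24"},
		},
		{
			key:       "source.ip",
			values:    []string{"a.b.c.d"},
			wantError: true,
		},
		{
			key:    "remote.ip",
			values: []string{"1.2.3.4", "5.6.7.0/24"},
		},
		{
			key:       "remote.ip",
			values:    []string{"a.b.c.d"},
			wantError: true,
		},
		// Source identity keys: source.user is rejected.
		{
			key:    "source.namespace",
			values: []string{"value"},
		},
		{
			key:       "source.user",
			values:    []string{"value"},
			wantError: true,
		},
		{
			key:    "source.principal",
			values: []string{"value"},
		},
		// Request authentication keys; a claim needs a non-empty name.
		{
			key:    "request.auth.principal",
			values: []string{"value"},
		},
		{
			key:    "request.auth.audiences",
			values: []string{"value"},
		},
		{
			key:    "request.auth.presenter",
			values: []string{"value"},
		},
		{
			key:    "request.auth.claims[id]",
			values: []string{"123"},
		},
		{
			key:       "request.auth.claims[]",
			values:    []string{"value"},
			wantError: true,
		},
		// Destination keys: only ip and port are accepted here; labels, name,
		// namespace and user are rejected.
		{
			key:    "destination.ip",
			values: []string{"1.2.3.4", "5.6.7.0/24"},
		},
		{
			key:       "destination.ip",
			values:    []string{"a.b.c.d"},
			wantError: true,
		},
		{
			key:    "destination.port",
			values: []string{"80", "90"},
		},
		{
			// One non-numeric port is enough to reject the whole condition.
			key:       "destination.port",
			values:    []string{"80", "x"},
			wantError: true,
		},
		{
			key:       "destination.labels[app]",
			values:    []string{"value"},
			wantError: true,
		},
		{
			key:       "destination.name",
			values:    []string{"value"},
			wantError: true,
		},
		{
			key:       "destination.namespace",
			values:    []string{"value"},
			wantError: true,
		},
		{
			key:       "destination.user",
			values:    []string{"value"},
			wantError: true,
		},
		{
			key:    "connection.sni",
			values: []string{"value"},
		},
		// Experimental Envoy filter keys are accepted with a bracketed
		// suffix and rejected without one.
		{
			key:    "experimental.envoy.filters.a.b[c]",
			values: []string{"value"},
		},
		{
			key:       "experimental.envoy.filters.a.b.x",
			values:    []string{"value"},
			wantError: true,
		},
	}
	for _, c := range cases {
		// Keys repeat across cases; the testing package de-duplicates subtest
		// names, and the message includes the values to tell cases apart.
		t.Run(c.key, func(t *testing.T) {
			err := security.ValidateAttribute(c.key, c.values)
			if c.wantError == (err == nil) {
				t.Errorf("ValidateAttribute(%q, %q): want error (%v) but got (%v)", c.key, c.values, c.wantError, err)
			}
		})
	}
}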