// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package secret
import (
"bytes"
"testing"
)
import (
v1 "k8s.io/api/core/v1"
)
// Test fixtures: PEM-encoded material that TestBuildSecret converts to []byte
// and passes through BuildSecret as opaque payloads; the visible test only
// compares the bytes and never parses them.
var (
// cert1Pem is the certificate fixture.
cert1Pem = `
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----`
// key1Pem is the private-key fixture.
// NOTE(review): this key is committed in source, so treat it as public and
// never reuse it outside tests; secret scanners will likely flag it, so an
// allow-list entry scoped to this file may be needed.
key1Pem = `
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----`
)
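// TestBuildSecret verifies that BuildSecret stores the supplied PEM bytes under
// the expected Data keys and leaves the other keys unset, and that the
// service-account annotation is present only when a service account name is
// passed.
//
// Failure messages for private-key entries report byte counts instead of the
// key bytes, and annotation failures print only the annotations rather than
// the whole Secret, so that a failing run does not write key material into
// test or CI logs.
func TestBuildSecret(t *testing.T) {
	certPem := []byte(cert1Pem)
	keyPem := []byte(key1Pem)
	serviceAccount := ""
	namespace := "default"
	secretType := "secret-type"
	scrtName := "istio-ca-secret"

	// Case 1: only the CA cert / CA key arguments are populated.
	caSecret := BuildSecret(serviceAccount, scrtName, namespace,
		nil, nil, nil, certPem, keyPem, v1.SecretType(secretType))
	if caSecret.ObjectMeta.Annotations != nil {
		t.Fatalf("Annotation should be nil but got %v", caSecret.ObjectMeta.Annotations)
	}
	if caSecret.Data[certChainID] != nil {
		t.Fatalf("Cert chain should be nil but got %v", caSecret.Data[certChainID])
	}
	if got := caSecret.Data[privateKeyID]; got != nil {
		t.Fatalf("Private key should be nil but got %d bytes", len(got))
	}
	if !bytes.Equal(caSecret.Data[caCertID], certPem) {
		t.Fatalf("CA cert does not match, want %v got %v", certPem, caSecret.Data[caCertID])
	}
	if got := caSecret.Data[caPrivateKeyID]; !bytes.Equal(got, keyPem) {
		// The original message mislabelled this check as "CA cert".
		t.Fatalf("CA private key does not match, want %d bytes got %d bytes", len(keyPem), len(got))
	}

	// Case 2: only the cert chain / private key arguments are populated.
	serverSecret := BuildSecret(serviceAccount, scrtName, namespace,
		certPem, keyPem, nil, nil, nil, v1.SecretType(secretType))
	if serverSecret.ObjectMeta.Annotations != nil {
		t.Fatalf("Annotation should be nil but got %v", serverSecret.ObjectMeta.Annotations)
	}
	if serverSecret.Data[caCertID] != nil {
		t.Fatalf("CA Cert should be nil but got %v", serverSecret.Data[caCertID])
	}
	if got := serverSecret.Data[caPrivateKeyID]; got != nil {
		t.Fatalf("CA private key should be nil but got %d bytes", len(got))
	}
	if !bytes.Equal(serverSecret.Data[certChainID], certPem) {
		t.Fatalf("Cert chain does not match, want %v got %v", certPem, serverSecret.Data[certChainID])
	}
	if got := serverSecret.Data[privateKeyID]; !bytes.Equal(got, keyPem) {
		t.Fatalf("Private key does not match, want %d bytes got %d bytes", len(keyPem), len(got))
	}

	// Case 3: a non-empty service account must surface as an annotation.
	serviceAccount = "account"
	serverSecret = BuildSecret(serviceAccount, scrtName, namespace,
		certPem, keyPem, nil, nil, nil, v1.SecretType(secretType))
	if serverSecret.ObjectMeta.Annotations == nil {
		t.Fatal("Annotation should not be nil")
	}
	val, ok := serverSecret.ObjectMeta.Annotations[serviceAccountNameAnnotationKey]
	if !ok {
		t.Fatalf("Failed to find annotation for %s", serviceAccountNameAnnotationKey)
	}
	if val != serviceAccount {
		t.Fatalf("annotation does not match, got %s want %s", val, serviceAccount)
	}
}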