Added tests

Signed-off-by: Levi Harrison <git@leviharrison.dev>
prometheus · Nov 24, 2021 · 546ae0d · 546ae0d
1 parent 773b2ad
commit 546ae0d
Showing 1 changed file with 111 additions and 2 deletions.
diff --git a/config/http_config_test.go b/config/http_config_test.go
@@ -717,15 +717,15 @@ func TestTLSConfigInvalidCA(t *testing.T) {
 				KeyFile:            ClientKeyNoPassPath,
 				ServerName:         "",
 				InsecureSkipVerify: false},
-			errorMessage: fmt.Sprintf("unable to use specified client cert (%s) & key (%s):", MissingCert, ClientKeyNoPassPath),
+			errorMessage: fmt.Sprintf("unable to read specified client cert (%s) & key (%s):", MissingCert, ClientKeyNoPassPath),
 		}, {
 			configTLSConfig: TLSConfig{
 				CAFile:             "",
 				CertFile:           ClientCertificatePath,
 				KeyFile:            MissingKey,
 				ServerName:         "",
 				InsecureSkipVerify: false},
-			errorMessage: fmt.Sprintf("unable to use specified client cert (%s) & key (%s):", ClientCertificatePath, MissingKey),
+			errorMessage: fmt.Sprintf("unable to read specified client cert (%s) & key (%s):", ClientCertificatePath, MissingKey),
 		},
 	}
 
@@ -1481,3 +1481,112 @@ func TestMarshalURLWithSecret(t *testing.T) {
 		t.Fatalf("URL not properly marshaled in YAML, got '%s'", string(b))
 	}
 }
+
+func TestModifyTLSCertificates(t *testing.T) {
+	bs := getCertificateBlobs(t)
+
+	tmpDir, err := ioutil.TempDir("", "modifytlscertificates")
+	if err != nil {
+		t.Fatal("Failed to create tmp dir", err)
+	}
+	defer os.RemoveAll(tmpDir)
+	ca, cert, key := filepath.Join(tmpDir, "ca"), filepath.Join(tmpDir, "cert"), filepath.Join(tmpDir, "key")
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		fmt.Fprint(w, ExpectedMessage)
+	}
+	testServer, err := newTestServer(handler)
+	if err != nil {
+		t.Fatal(err.Error())
+	}
+	defer testServer.Close()
+
+	tests := []struct {
+		ca   string
+		cert string
+		key  string
+
+		errMsg string
+
+		modification func()
+	}{
+		{
+			ca:   ClientCertificatePath,
+			cert: ClientCertificatePath,
+			key:  ClientKeyNoPassPath,
+
+			errMsg: "certificate signed by unknown authority",
+
+			modification: func() { writeCertificate(bs, TLSCAChainPath, ca) },
+		},
+		{
+			ca:   TLSCAChainPath,
+			cert: WrongClientCertPath,
+			key:  ClientKeyNoPassPath,
+
+			modification: func() { writeCertificate(bs, ClientCertificatePath, cert) },
+		},
+		{
+			ca:   TLSCAChainPath,
+			cert: ClientCertificatePath,
+			key:  WrongClientCertPath,
+
+			modification: func() { writeCertificate(bs, ClientKeyNoPassPath, key) },
+		},
+	}
+
+	cfg := HTTPClientConfig{
+		TLSConfig: TLSConfig{
+			CAFile:             ca,
+			CertFile:           cert,
+			KeyFile:            key,
+			InsecureSkipVerify: false},
+	}
+
+	var c *http.Client
+	for i, tc := range tests {
+		t.Run(strconv.Itoa(i), func(t *testing.T) {
+			writeCertificate(bs, tc.ca, ca)
+			writeCertificate(bs, tc.cert, cert)
+			writeCertificate(bs, tc.key, key)
+			if c == nil {
+				c, err = NewClientFromConfig(cfg, "test")
+				if err != nil {
+					t.Fatalf("Error creating HTTP Client: %v", err)
+				}
+			}
+
+			req, err := http.NewRequest(http.MethodGet, testServer.URL, nil)
+			if err != nil {
+				t.Fatalf("Error creating HTTP request: %v", err)
+			}
+
+			r, err := c.Do(req)
+			if err == nil {
+				r.Body.Close()
+				t.Fatalf("Could connect to the test server.")
+			}
+			if !strings.Contains(err.Error(), tc.errMsg) {
+				t.Fatalf("Expected error message to contain %q, got %q", tc.errMsg, err)
+			}
+
+			tc.modification()
+
+			r, err = c.Do(req)
+			if err != nil {
+				t.Fatalf("Expected no error, got %q", err)
+			}
+
+			b, err := ioutil.ReadAll(r.Body)
+			r.Body.Close()
+			if err != nil {
+				t.Errorf("Can't read the server response body")
+			}
+
+			got := strings.TrimSpace(string(b))
+			if ExpectedMessage != got {
+				t.Errorf("The expected message %q differs from the obtained message %q", ExpectedMessage, got)
+			}
+		})
+	}
+}