This repository was archived by the owner on May 13, 2025. It is now read-only.

Commit daa224c

author
Peyton Walters
committed
factor out making svid response
Signed-off-by: Peyton Walters <pwalters18@bloomberg.net>
1 parent 0e7546a commit daa224c

1 file changed

Lines changed: 21 additions & 50 deletions


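--- a/internal/common/spiffetrustsource_test.go
+++ b/internal/common/spiffetrustsource_test.go
@@ -20,6 +20,19 @@ var (
 }`
 )
 
+// makeX509SVIDResponse is a convenience function for generating X509 responses
+func makeX509SVIDResponse(ca *spiffetest.CA, svid []*x509.Certificate, key crypto.Signer) *spiffetest.X509SVIDResponse {
+return &spiffetest.X509SVIDResponse{
+Bundle: ca.Roots(),
+SVIDs: []spiffetest.X509SVID{
+{
+CertChain: svid,
+Key: key,
+},
+},
+}
+}
+
 func TestInitalLoad(t *testing.T) {
 appFS = afero.NewMemMapFs()
 
@@ -30,6 +43,8 @@ func TestInitalLoad(t *testing.T) {
 
 source, err := NewSpireTrustSource(map[string]string{}, "vault-spire-certs.json")
 require.NoError(t, err)
+defer source.Stop()
+
 certs := source.TrustedCertificates()["spiffe://example.org"]
 require.Len(t, certs, 1)
 assert.Equal(t, x509.MD5WithRSA, certs[0].SignatureAlgorithm)
@@ -44,18 +59,7 @@ func TestWriteCerts(t *testing.T) {
 ca := spiffetest.NewCA(t)
 svidFoo, keyFoo := ca.CreateX509SVID("spiffe://example.org/foo")
 
-makeX509SVIDResponse := func(svid []*x509.Certificate, key crypto.Signer) *spiffetest.X509SVIDResponse {
-return &spiffetest.X509SVIDResponse{
-Bundle: ca.Roots(),
-SVIDs: []spiffetest.X509SVID{
-{
-CertChain: svid,
-Key: key,
-},
-},
-}
-}
-workloadAPI.SetX509SVIDResponse(makeX509SVIDResponse(svidFoo, keyFoo))
+workloadAPI.SetX509SVIDResponse(makeX509SVIDResponse(ca, svidFoo, keyFoo))
 
 source, err := NewSpireTrustSource(map[string]string{
 "spiffe://example.org": workloadAPI.Addr(),
@@ -80,23 +84,13 @@ func TestSpireOverwrite(t *testing.T) {
 ca := spiffetest.NewCA(t)
 svidFoo, keyFoo := ca.CreateX509SVID("spiffe://example.org/foo")
 
-makeX509SVIDResponse := func(svid []*x509.Certificate, key crypto.Signer) *spiffetest.X509SVIDResponse {
-return &spiffetest.X509SVIDResponse{
-Bundle: ca.Roots(),
-SVIDs: []spiffetest.X509SVID{
-{
-CertChain: svid,
-Key: key,
-},
-},
-}
-}
-workloadAPI.SetX509SVIDResponse(makeX509SVIDResponse(svidFoo, keyFoo))
+workloadAPI.SetX509SVIDResponse(makeX509SVIDResponse(ca, svidFoo, keyFoo))
 
 source, err := NewSpireTrustSource(map[string]string{
 "spiffe://example.org": workloadAPI.Addr(),
 }, "vault-spire-certs.json")
 require.NoError(t, err)
+defer source.Stop()
 
 time.Sleep(1 * time.Second) // wait for watcher to get new certs
 assert.Equal(t, ca.Roots(), source.TrustedCertificates()["spiffe://example.org"])
@@ -110,43 +104,20 @@ func TestSpireReload(t *testing.T) {
 
 ca := spiffetest.NewCA(t)
 svidFoo, keyFoo := ca.CreateX509SVID("spiffe://example.org/foo")
-
-makeX509SVIDResponse := func(svid []*x509.Certificate, key crypto.Signer) *spiffetest.X509SVIDResponse {
-return &spiffetest.X509SVIDResponse{
-Bundle: ca.Roots(),
-SVIDs: []spiffetest.X509SVID{
-{
-CertChain: svid,
-Key: key,
-},
-},
-}
-}
-workloadAPI.SetX509SVIDResponse(makeX509SVIDResponse(svidFoo, keyFoo))
+workloadAPI.SetX509SVIDResponse(makeX509SVIDResponse(ca, svidFoo, keyFoo))
 
 source, err := NewSpireTrustSource(map[string]string{
 "spiffe://example.org": workloadAPI.Addr(),
 }, "")
 require.NoError(t, err)
+defer source.Stop()
 
 time.Sleep(1 * time.Second) // wait for watcher to get new certs
 assert.Equal(t, ca.Roots(), source.TrustedCertificates()["spiffe://example.org"])
 
 caRot := spiffetest.NewCA(t)
 svidFooRot, keyFooRot := ca.CreateX509SVID("spiffe://example.org/foo")
-
-makeX509SVIDResponseRot := func(svid []*x509.Certificate, key crypto.Signer) *spiffetest.X509SVIDResponse {
-return &spiffetest.X509SVIDResponse{
-Bundle: caRot.Roots(),
-SVIDs: []spiffetest.X509SVID{
-{
-CertChain: svid,
-Key: key,
-},
-},
-}
-}
-workloadAPI.SetX509SVIDResponse(makeX509SVIDResponseRot(svidFooRot, keyFooRot))
+workloadAPI.SetX509SVIDResponse(makeX509SVIDResponse(caRot, svidFooRot, keyFooRot))
 
 time.Sleep(1 * time.Second) // wait for watcher to get new certs
 assert.Equal(t, caRot.Roots(), source.TrustedCertificates()["spiffe://example.org"])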
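Review bot: In TestSpireReload the rotated response mixes two CAs: the unchanged context line at new line 119 still issues the SVID from the old CA (`ca.CreateX509SVID(...)`), while the new call at line 120 passes `caRot` for the bundle, so the leaf does not chain to the roots sent with it. Now that the CA is an explicit argument, the pairing can be made consistent with `svidFooRot, keyFooRot := caRot.CreateX509SVID("spiffe://example.org/foo")`. As written, the rotation case presumably passes only because nothing on the path checks the SVID against the delivered bundle; if the mismatch is deliberate, a comment should say so. Separately, `defer source.Stop()` is added to three tests but not in the visible part of TestWriteCerts, whose body continues outside the hunk, so confirm that test stops its source too.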
