|
|
|
@ -12,6 +12,7 @@ import (
|
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
|
|
"google.golang.org/protobuf/encoding/protojson"
|
|
|
|
|
"google.golang.org/protobuf/types/known/wrapperspb"
|
|
|
|
|
|
|
|
|
|
"go.step.sm/linkedca"
|
|
|
|
|
|
|
|
|
@ -1920,3 +1921,83 @@ func TestPolicyAdminResponder_DeleteACMEAccountPolicy(t *testing.T) {
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func Test_applyConditionalDefaults(t *testing.T) {
|
|
|
|
|
tests := []struct {
|
|
|
|
|
name string
|
|
|
|
|
policy *linkedca.Policy
|
|
|
|
|
expected *linkedca.Policy
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
name: "no-x509",
|
|
|
|
|
policy: &linkedca.Policy{
|
|
|
|
|
Ssh: &linkedca.SSHPolicy{},
|
|
|
|
|
},
|
|
|
|
|
expected: &linkedca.Policy{
|
|
|
|
|
Ssh: &linkedca.SSHPolicy{},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "with-x509-verify-subject-common-name",
|
|
|
|
|
policy: &linkedca.Policy{
|
|
|
|
|
X509: &linkedca.X509Policy{
|
|
|
|
|
Allow: &linkedca.X509Names{
|
|
|
|
|
Dns: []string{"*.local"},
|
|
|
|
|
},
|
|
|
|
|
VerifySubjectCommonName: &wrapperspb.BoolValue{Value: true},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
expected: &linkedca.Policy{
|
|
|
|
|
X509: &linkedca.X509Policy{
|
|
|
|
|
Allow: &linkedca.X509Names{
|
|
|
|
|
Dns: []string{"*.local"},
|
|
|
|
|
},
|
|
|
|
|
VerifySubjectCommonName: &wrapperspb.BoolValue{Value: true},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "without-x509-verify-subject-common-name",
|
|
|
|
|
policy: &linkedca.Policy{
|
|
|
|
|
X509: &linkedca.X509Policy{
|
|
|
|
|
Allow: &linkedca.X509Names{
|
|
|
|
|
Dns: []string{"*.local"},
|
|
|
|
|
},
|
|
|
|
|
VerifySubjectCommonName: &wrapperspb.BoolValue{Value: false},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
expected: &linkedca.Policy{
|
|
|
|
|
X509: &linkedca.X509Policy{
|
|
|
|
|
Allow: &linkedca.X509Names{
|
|
|
|
|
Dns: []string{"*.local"},
|
|
|
|
|
},
|
|
|
|
|
VerifySubjectCommonName: &wrapperspb.BoolValue{Value: false},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "no-x509-verify-subject-common-name",
|
|
|
|
|
policy: &linkedca.Policy{
|
|
|
|
|
X509: &linkedca.X509Policy{
|
|
|
|
|
Allow: &linkedca.X509Names{
|
|
|
|
|
Dns: []string{"*.local"},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
expected: &linkedca.Policy{
|
|
|
|
|
X509: &linkedca.X509Policy{
|
|
|
|
|
Allow: &linkedca.X509Names{
|
|
|
|
|
Dns: []string{"*.local"},
|
|
|
|
|
},
|
|
|
|
|
VerifySubjectCommonName: &wrapperspb.BoolValue{Value: true},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
|
applyConditionalDefaults(tt.policy)
|
|
|
|
|
assert.Equals(t, tt.expected, tt.policy)
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
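Review bot: `assert.Equals(t, tt.expected, tt.policy)` in the subtest compares two generated protobuf messages with a general-purpose equality helper. The `assert` import is not visible in the hunk, but if the helper is reflection-based it also compares the messages' internal bookkeeping fields, so the test could fail for reasons unrelated to the policy content. `proto.Equal` is the comparison defined for messages: `if !proto.Equal(tt.expected, tt.policy) { t.Errorf("got %v, want %v", tt.policy, tt.expected) }` (this needs `google.golang.org/protobuf/proto` imported if the file does not already have it). The cases "without-x509-verify-subject-common-name" (explicit false, preserved) and "no-x509-verify-subject-common-name" (unset, defaulted to true) are easy to confuse, and the latter pins the secure default. A comment on it such as `// unset VerifySubjectCommonName must default to true`, and names like "explicit-false-preserved" and "unset-defaults-to-true", would make the intent clear. A case with a nil policy would also show whether `applyConditionalDefaults` tolerates one.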
|
|
|
|
|