mirror of
https://github.com/alibaba/higress.git
synced 2026-02-22 06:50:50 +08:00
156 lines
3.6 KiB
Go
156 lines
3.6 KiB
Go
// Copyright (c) 2022 Alibaba Group Holding Ltd.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package cert
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func TestMatchSecretNameByDomain(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
domain string
|
|
credentialCfg []CredentialEntry
|
|
expected string
|
|
}{
|
|
{
|
|
name: "Exact match",
|
|
domain: "example.com",
|
|
credentialCfg: []CredentialEntry{
|
|
{
|
|
Domains: []string{"example.com"},
|
|
TLSSecret: "example-com-tls",
|
|
},
|
|
},
|
|
expected: "example-com-tls",
|
|
},
|
|
|
|
{
|
|
name: "Exact match ignore case ",
|
|
domain: "eXample.com",
|
|
credentialCfg: []CredentialEntry{
|
|
{
|
|
Domains: []string{"example.com"},
|
|
TLSSecret: "example-com-tls",
|
|
},
|
|
},
|
|
expected: "example-com-tls",
|
|
},
|
|
{
|
|
name: "Wildcard match",
|
|
domain: "sub.example.com",
|
|
credentialCfg: []CredentialEntry{
|
|
{
|
|
Domains: []string{"*.example.com"},
|
|
TLSSecret: "wildcard-example-com-tls",
|
|
},
|
|
},
|
|
expected: "wildcard-example-com-tls",
|
|
},
|
|
|
|
{
|
|
name: "Wildcard match ignore case",
|
|
domain: "sub.Example.com",
|
|
credentialCfg: []CredentialEntry{
|
|
{
|
|
Domains: []string{"*.example.com"},
|
|
TLSSecret: "wildcard-example-com-tls",
|
|
},
|
|
},
|
|
expected: "wildcard-example-com-tls",
|
|
},
|
|
{
|
|
name: "* match",
|
|
domain: "blog.example.co.uk",
|
|
credentialCfg: []CredentialEntry{
|
|
{
|
|
Domains: []string{"*"},
|
|
TLSSecret: "blog-co-uk-tls",
|
|
},
|
|
},
|
|
expected: "blog-co-uk-tls",
|
|
},
|
|
{
|
|
name: "No match",
|
|
domain: "unknown.com",
|
|
credentialCfg: []CredentialEntry{
|
|
{
|
|
Domains: []string{"example.com"},
|
|
TLSSecret: "example-com-tls",
|
|
},
|
|
},
|
|
expected: "",
|
|
},
|
|
{
|
|
name: "Multiple matches - first match wins",
|
|
domain: "example.com",
|
|
credentialCfg: []CredentialEntry{
|
|
{
|
|
Domains: []string{"example.com"},
|
|
TLSSecret: "example-com-tls",
|
|
},
|
|
{
|
|
Domains: []string{"*.example.com"},
|
|
TLSSecret: "wildcard-example-com-tls",
|
|
},
|
|
},
|
|
expected: "example-com-tls",
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
cfg := Config{CredentialConfig: tt.credentialCfg}
|
|
result := cfg.MatchSecretNameByDomain(tt.domain)
|
|
assert.Equal(t, tt.expected, result)
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestParseTLSSecret(t *testing.T) {
|
|
tests := []struct {
|
|
tlsSecret string
|
|
expectedNamespace string
|
|
expectedSecretName string
|
|
}{
|
|
{
|
|
tlsSecret: "example-com-tls",
|
|
expectedNamespace: "",
|
|
expectedSecretName: "example-com-tls",
|
|
},
|
|
|
|
{
|
|
tlsSecret: "kube-system/example-com-tls",
|
|
expectedNamespace: "kube-system",
|
|
expectedSecretName: "example-com-tls",
|
|
},
|
|
{
|
|
tlsSecret: "kube-system/example-com/wildcard",
|
|
expectedNamespace: "",
|
|
expectedSecretName: "",
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.tlsSecret, func(t *testing.T) {
|
|
resultNamespace, resultSecretName := ParseTLSSecret(tt.tlsSecret)
|
|
assert.Equal(t, tt.expectedNamespace, resultNamespace)
|
|
assert.Equal(t, tt.expectedSecretName, resultSecretName)
|
|
})
|
|
}
|
|
}
|