From 5dd06567f4bd9a3c6f30935106ecd1c3ecc0ce75 Mon Sep 17 00:00:00 2001
From: Max Lerebourg <maxlerebourg@gmail.com>
Date: Sun, 4 Dec 2022 16:58:06 +0100
Subject: [PATCH] :bento: test validate

---
 bouncer.go      |  14 ++--
 bouncer_test.go | 167 +++++++++++++++++++-----------------------------
 tests/.keytest  |   1 +
 3 files changed, 75 insertions(+), 107 deletions(-)
 create mode 100644 tests/.keytest

diff --git a/bouncer.go b/bouncer.go
index e370807..b07b9c9 100644
--- a/bouncer.go
+++ b/bouncer.go
@@ -468,12 +468,12 @@ func validateParams(config *Config) error {
 	if err := validateParamsRequired(config); err != nil {
 		return err
 	}
+
+	// This only check that the format of the URL scheme:// is correct and do not make requests
 	testURL := url.URL{
 		Scheme: config.CrowdsecLapiScheme,
 		Host:   config.CrowdsecLapiHost,
 	}
-	// This only check that the format of the URL scheme:// is correct and do not make requests
-
 	if _, err := http.NewRequest(http.MethodGet, testURL.String(), nil); err != nil {
 		return fmt.Errorf("CrowdsecLapiScheme://CrowdsecLapiHost: '%v://%v' must be an URL", config.CrowdsecLapiScheme, config.CrowdsecLapiHost)
 	}
@@ -546,6 +546,11 @@ func validateParamsRequired(config *Config) error {
 		"CrowdsecLapiHost":   config.CrowdsecLapiHost,
 		"CrowdsecMode":       config.CrowdsecMode,
 	}
+	for key, val := range requiredStrings {
+		if len(val) == 0 {
+			return fmt.Errorf("%v: cannot be empty", key)
+		}
+	}
 	requiredInt := map[string]int64{
 		"UpdateIntervalSeconds":  config.UpdateIntervalSeconds,
 		"DefaultDecisionSeconds": config.DefaultDecisionSeconds,
@@ -555,11 +560,6 @@ func validateParamsRequired(config *Config) error {
 			return fmt.Errorf("%v: cannot be less than 1", key)
 		}
 	}
-	for key, val := range requiredStrings {
-		if len(val) == 0 {
-			return fmt.Errorf("%v: cannot be empty", key)
-		}
-	}
 	if !contains([]string{noneMode, liveMode, streamMode}, config.CrowdsecMode) {
 		return fmt.Errorf("CrowdsecMode: must be one of 'none', 'live' or 'stream'")
 	}
diff --git a/bouncer_test.go b/bouncer_test.go
index 737cb96..17d3040 100644
--- a/bouncer_test.go
+++ b/bouncer_test.go
@@ -12,69 +12,12 @@ import (
 	ip "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/pkg/ip"
 )
 
-func TestCreation(t *testing.T) {
+func getMinimalConfig() *Config {
 	cfg := CreateConfig()
 	cfg.CrowdsecLapiKey = "test"
-
-	ctx := context.Background()
-	next := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {})
-
-	handler, err := New(ctx, next, cfg, "demo-plugin")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	recorder := httptest.NewRecorder()
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, "http://localhost", nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	handler.ServeHTTP(recorder, req)
+	return cfg
 }
 
-// func TestValidateParamsCrowdsecLapiKey(t *testing.T) {
-// 	cfg := CreateConfig()
-// 	err := validateParams(cfg)
-// 	fmt.Println(err.Error())
-// 	if err == nil {
-// 		t.Errorf("Need error here %s", err.Error())
-// 	}
-// }
-
-// func TestValidateParamsCrowdsecLapiScheme(t *testing.T) {
-// 	cfg := CreateConfig()
-// 	cfg.CrowdsecLapiKey = "test"
-// 	cfg.CrowdsecLapiScheme = "bad"
-// 	err := validateParams(cfg)
-// 	fmt.Println(err.Error())
-// 	if err == nil {
-// 		t.Errorf("Need error here %s", err.Error())
-// 	}
-// }
-
-// func TestValidateParamsCrowdsecMode(t *testing.T) {
-// 	cfg := CreateConfig()
-// 	cfg.CrowdsecLapiKey = "test"
-// 	cfg.CrowdsecMode = "bad"
-// 	err := validateParams(cfg)
-// 	fmt.Println(err.Error())
-// 	if err == nil {
-// 		t.Errorf("Need error here %s", err.Error())
-// 	}
-// }
-
-// func TestValidateParamsUpdateIntervalSeconds(t *testing.T) {
-// 	cfg := CreateConfig()
-// 	cfg.CrowdsecLapiKey = "test"
-// 	cfg.UpdateIntervalSeconds = 0
-// 	err := validateParams(cfg)
-// 	fmt.Println(err.Error())
-// 	if err == nil {
-// 		t.Errorf("Need error here %s", err.Error())
-// 	}
-// }
-
 func TestServeHTTP(t *testing.T) {
 	cfg := CreateConfig()
 	cfg.CrowdsecLapiKey = "test"
@@ -96,22 +39,6 @@ func TestServeHTTP(t *testing.T) {
 	handler.ServeHTTP(recorder, req)
 }
 
-func TestCreateConfig(t *testing.T) {
-	tests := []struct {
-		name string
-		want *Config
-	}{
-		// TODO: Add test cases.
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if got := CreateConfig(); !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("CreateConfig() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-
 func TestNew(t *testing.T) {
 	type args struct {
 		ctx    context.Context
@@ -213,27 +140,6 @@ func Test_contains(t *testing.T) {
 	}
 }
 
-func Test_startTicker(t *testing.T) {
-	type args struct {
-		config *Config
-		work   func()
-	}
-	tests := []struct {
-		name string
-		args args
-		want chan bool
-	}{
-		// TODO: Add test cases.
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if got := startTicker(tt.args.config, tt.args.work); !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("startTicker() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-
 func Test_handleNoStreamCache(t *testing.T) {
 	type args struct {
 		bouncer  *Bouncer
@@ -326,6 +232,12 @@ func Test_getTLSConfigCrowdsec(t *testing.T) {
 }
 
 func Test_getVariable(t *testing.T) {
+	cfg1 := CreateConfig()
+	cfg1.CrowdsecLapiKey = "test"
+	cfg2 := CreateConfig()
+	cfg2.CrowdsecLapiKeyFile = "./tests/.keytest"
+	cfg3 := CreateConfig()
+	cfg3.CrowdsecLapiKeyFile = "./tests/.bad"
 	type args struct {
 		config *Config
 		key    string
@@ -336,7 +248,24 @@ func Test_getVariable(t *testing.T) {
 		want    string
 		wantErr bool
 	}{
-		// TODO: Add test cases.
+		{
+			name: "valid string",
+			args: args{ config: cfg1, key: "CrowdsecLapiKey" },
+			want: "test",
+			wantErr: false,
+		},
+		{
+			name: "valid file",
+			args: args{ config: cfg2, key: "CrowdsecLapiKey" },
+			want: "test",
+			wantErr: false,
+		},
+		{
+			name: "invalid file",
+			args: args{ config: cfg3, key: "CrowdsecLapiKey" },
+			want: "",
+			wantErr: true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -353,6 +282,19 @@ func Test_getVariable(t *testing.T) {
 }
 
 func Test_validateParams(t *testing.T) {
+	cfg2 := getMinimalConfig()
+	cfg2.CrowdsecLapiScheme = "bad"
+	cfg3 := getMinimalConfig()
+	cfg3.CrowdsecMode = "bad"
+	cfg4 := getMinimalConfig()
+	cfg4.UpdateIntervalSeconds = 0
+	cfg5 := getMinimalConfig()
+	cfg5.ClientTrustedIPs = []string{ 0: "bad" }
+	cfg6 := getMinimalConfig()
+	cfg6.CrowdsecLapiScheme = "https"
+	cfg6.CrowdsecLapiTLSInsecureVerify = true
+	cfg8 := getMinimalConfig()
+	cfg8.CrowdsecLapiScheme = "https"
 	type args struct {
 		config *Config
 	}
@@ -361,7 +303,15 @@ func Test_validateParams(t *testing.T) {
 		args    args
 		wantErr bool
 	}{
-		// TODO: Add test cases.
+		{ name: "good minimal config", args: args{ config: getMinimalConfig() }, wantErr: false },
+		{ name: "bad crowdsec lapi key", args: args{ config: CreateConfig() }, wantErr: true },
+		{ name: "bad crowdsec scheme", args: args{ config: cfg2 }, wantErr: true },
+		{ name: "bad crowdsec mode", args: args{ config: cfg3 }, wantErr: true },
+		{ name: "bad update interval", args: args{ config: cfg4 }, wantErr: true },
+		{ name: "bad clients ips", args: args{ config: cfg5 }, wantErr: true },
+		// HTTPS enabled
+		{ name: "good https config with insecure verify", args: args{ config: cfg6 }, wantErr: false },
+		{ name: "no cert authority", args: args{ config: cfg8 }, wantErr: true },
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -402,7 +352,12 @@ func Test_validateParamsIPs(t *testing.T) {
 		args    args
 		wantErr bool
 	}{
-		// TODO: Add test cases.
+		{ name: "not an ip", args: args{ listIP: []string{ 0: "bad" } }, wantErr: true },
+		{ name: "weird ip", args: args{ listIP: []string{ 0: "0.0.0.0/89" } }, wantErr: true },
+		{ name: "localhost ?", args: args{ listIP: []string{ 0: "localhost" } }, wantErr: true },
+		{ name: "weird ip 2", args: args{ listIP: []string{ 0: "0.0.0.256/12" } }, wantErr: true },
+		{ name: "valid ip", args: args{ listIP: []string{ 0: "0.0.0.0/12" } }, wantErr: false },
+		{ name: "valid ip list", args: args{ listIP: []string{ 0: "0.0.0.0/0", 1: "1.1.1.1/1" } }, wantErr: false },
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -414,6 +369,14 @@ func Test_validateParamsIPs(t *testing.T) {
 }
 
 func Test_validateParamsRequired(t *testing.T) {
+	cfg2 := getMinimalConfig()
+	cfg2.CrowdsecLapiScheme = "bad"
+	cfg3 := getMinimalConfig()
+	cfg3.CrowdsecMode = "bad"
+	cfg4 := getMinimalConfig()
+	cfg4.UpdateIntervalSeconds = 0
+	cfg5 := getMinimalConfig()
+	cfg5.DefaultDecisionSeconds = 0
 	type args struct {
 		config *Config
 	}
@@ -422,7 +385,11 @@ func Test_validateParamsRequired(t *testing.T) {
 		args    args
 		wantErr bool
 	}{
-		// TODO: Add test cases.
+		{ name: "good", args: args{ config: getMinimalConfig() }, wantErr: false },
+		{ name: "bad crowdsec scheme", args: args{ config: cfg2 }, wantErr: true },
+		{ name: "bad crowdsec mode", args: args{ config: cfg3 }, wantErr: true },
+		{ name: "bad update interval seconds", args: args{ config: cfg4 }, wantErr: true },
+		{ name: "bad default decision seconds", args: args{ config: cfg5 }, wantErr: true },
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
diff --git a/tests/.keytest b/tests/.keytest
new file mode 100644
index 0000000..30d74d2
--- /dev/null
+++ b/tests/.keytest
@@ -0,0 +1 @@
+test
\ No newline at end of file