Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix testifylint lint errors #1321

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Fix testifylint lint errors #1321

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
1ccd1ad
Fix bool-compare
jasikpark Jan 28, 2025
2608047
Fix empty
jasikpark Jan 28, 2025
65f08c2
Fix encoded-compare
jasikpark Jan 28, 2025
2eee0db
Fix error-is-as
jasikpark Jan 28, 2025
ee8f3bf
Fix error-nil
jasikpark Jan 28, 2025
6983644
Fix expected-actual
jasikpark Jan 28, 2025
1ea72b2
Fix len
jasikpark Jan 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 15 additions & 15 deletions allow_list_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@ func TestNewAllowListFromConfig(t *testing.T) {
}

func TestAllowList_Allow(t *testing.T) {
assert.Equal(t, true, ((*AllowList)(nil)).Allow(netip.MustParseAddr("1.1.1.1")))
assert.True(t, ((*AllowList)(nil)).Allow(netip.MustParseAddr("1.1.1.1")))

tree := new(bart.Table[bool])
tree.Insert(netip.MustParsePrefix("0.0.0.0/0"), true)
Expand All @@ -111,35 +111,35 @@ func TestAllowList_Allow(t *testing.T) {
tree.Insert(netip.MustParsePrefix("::2/128"), false)
al := &AllowList{cidrTree: tree}

assert.Equal(t, true, al.Allow(netip.MustParseAddr("1.1.1.1")))
assert.Equal(t, false, al.Allow(netip.MustParseAddr("10.0.0.4")))
assert.Equal(t, true, al.Allow(netip.MustParseAddr("10.42.42.42")))
assert.Equal(t, false, al.Allow(netip.MustParseAddr("10.42.42.41")))
assert.Equal(t, true, al.Allow(netip.MustParseAddr("10.42.0.1")))
assert.Equal(t, true, al.Allow(netip.MustParseAddr("::1")))
assert.Equal(t, false, al.Allow(netip.MustParseAddr("::2")))
assert.True(t, al.Allow(netip.MustParseAddr("1.1.1.1")))
assert.False(t, al.Allow(netip.MustParseAddr("10.0.0.4")))
assert.True(t, al.Allow(netip.MustParseAddr("10.42.42.42")))
assert.False(t, al.Allow(netip.MustParseAddr("10.42.42.41")))
assert.True(t, al.Allow(netip.MustParseAddr("10.42.0.1")))
assert.True(t, al.Allow(netip.MustParseAddr("::1")))
assert.False(t, al.Allow(netip.MustParseAddr("::2")))
}

func TestLocalAllowList_AllowName(t *testing.T) {
assert.Equal(t, true, ((*LocalAllowList)(nil)).AllowName("docker0"))
assert.True(t, ((*LocalAllowList)(nil)).AllowName("docker0"))

rules := []AllowListNameRule{
{Name: regexp.MustCompile("^docker.*$"), Allow: false},
{Name: regexp.MustCompile("^tun.*$"), Allow: false},
}
al := &LocalAllowList{nameRules: rules}

assert.Equal(t, false, al.AllowName("docker0"))
assert.Equal(t, false, al.AllowName("tun0"))
assert.Equal(t, true, al.AllowName("eth0"))
assert.False(t, al.AllowName("docker0"))
assert.False(t, al.AllowName("tun0"))
assert.True(t, al.AllowName("eth0"))

rules = []AllowListNameRule{
{Name: regexp.MustCompile("^eth.*$"), Allow: true},
{Name: regexp.MustCompile("^ens.*$"), Allow: true},
}
al = &LocalAllowList{nameRules: rules}

assert.Equal(t, false, al.AllowName("docker0"))
assert.Equal(t, true, al.AllowName("eth0"))
assert.Equal(t, true, al.AllowName("ens5"))
assert.False(t, al.AllowName("docker0"))
assert.True(t, al.AllowName("eth0"))
assert.True(t, al.AllowName("ens5"))
}
14 changes: 7 additions & 7 deletions cert/ca_pool_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,30 +80,30 @@ IBNWYMep3ysx9zCgknfG5dKtwGTaqF++BWKDYdyl34KX
}

p, err := NewCAPoolFromPEM([]byte(noNewLines))
assert.Nil(t, err)
assert.NoError(t, err)
assert.Equal(t, p.CAs[string("c9bfaf7ce8e84b2eeda2e27b469f4b9617bde192efd214b68891ecda6ed49522")].Certificate.Name(), rootCA.details.Name)
assert.Equal(t, p.CAs[string("5c9c3f23e7ee7fe97637cbd3a0a5b854154d1d9aaaf7b566a51f4a88f76b64cd")].Certificate.Name(), rootCA01.details.Name)

pp, err := NewCAPoolFromPEM([]byte(withNewLines))
assert.Nil(t, err)
assert.NoError(t, err)
assert.Equal(t, pp.CAs[string("c9bfaf7ce8e84b2eeda2e27b469f4b9617bde192efd214b68891ecda6ed49522")].Certificate.Name(), rootCA.details.Name)
assert.Equal(t, pp.CAs[string("5c9c3f23e7ee7fe97637cbd3a0a5b854154d1d9aaaf7b566a51f4a88f76b64cd")].Certificate.Name(), rootCA01.details.Name)

// expired cert, no valid certs
ppp, err := NewCAPoolFromPEM([]byte(expired))
assert.Equal(t, ErrExpired, err)
assert.Equal(t, ppp.CAs[string("152070be6bb19bc9e3bde4c2f0e7d8f4ff5448b4c9856b8eccb314fade0229b0")].Certificate.Name(), "expired")
assert.Equal(t, "expired", ppp.CAs[string("152070be6bb19bc9e3bde4c2f0e7d8f4ff5448b4c9856b8eccb314fade0229b0")].Certificate.Name())

// expired cert, with valid certs
pppp, err := NewCAPoolFromPEM(append([]byte(expired), noNewLines...))
assert.Equal(t, ErrExpired, err)
assert.Equal(t, pppp.CAs[string("c9bfaf7ce8e84b2eeda2e27b469f4b9617bde192efd214b68891ecda6ed49522")].Certificate.Name(), rootCA.details.Name)
assert.Equal(t, pppp.CAs[string("5c9c3f23e7ee7fe97637cbd3a0a5b854154d1d9aaaf7b566a51f4a88f76b64cd")].Certificate.Name(), rootCA01.details.Name)
assert.Equal(t, pppp.CAs[string("152070be6bb19bc9e3bde4c2f0e7d8f4ff5448b4c9856b8eccb314fade0229b0")].Certificate.Name(), "expired")
assert.Equal(t, len(pppp.CAs), 3)
assert.Equal(t, "expired", pppp.CAs[string("152070be6bb19bc9e3bde4c2f0e7d8f4ff5448b4c9856b8eccb314fade0229b0")].Certificate.Name())
assert.Len(t, pppp.CAs, 3)

ppppp, err := NewCAPoolFromPEM([]byte(p256))
assert.Nil(t, err)
assert.NoError(t, err)
assert.Equal(t, ppppp.CAs[string("a7938893ec8c4ef769b06d7f425e5e46f7a7f5ffa49c3bcf4a86b608caba9159")].Certificate.Name(), rootCAP256.details.Name)
assert.Equal(t, len(ppppp.CAs), 1)
assert.Len(t, ppppp.CAs, 1)
}
108 changes: 54 additions & 54 deletions cert/cert_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,11 +44,11 @@ func TestMarshalingNebulaCertificate(t *testing.T) {
}

b, err := nc.Marshal()
assert.Nil(t, err)
assert.NoError(t, err)
//t.Log("Cert size:", len(b))

nc2, err := unmarshalCertificateV1(b, true)
assert.Nil(t, err)
assert.NoError(t, err)

assert.Equal(t, nc.signature, nc2.Signature())
assert.Equal(t, nc.details.Name, nc2.Name())
Expand Down Expand Up @@ -186,8 +186,8 @@ func TestNebulaCertificate_MarshalJSON(t *testing.T) {
}

b, err := nc.MarshalJSON()
assert.Nil(t, err)
assert.Equal(
assert.NoError(t, err)
assert.JSONEq(
t,
"{\"details\":{\"curve\":\"CURVE25519\",\"groups\":[\"test-group1\",\"test-group2\",\"test-group3\"],\"ips\":[\"10.1.1.1/24\",\"10.1.1.2/16\"],\"isCa\":false,\"issuer\":\"1234567890abcedfghij1234567890ab\",\"name\":\"testing\",\"notAfter\":\"0000-11-30T02:00:00Z\",\"notBefore\":\"0000-11-30T01:00:00Z\",\"publicKey\":\"313233343536373839306162636564666768696a313233343536373839306162\",\"subnets\":[\"9.1.1.2/24\",\"9.1.1.3/16\"]},\"fingerprint\":\"3944c53d4267a229295b56cb2d27d459164c010ac97d655063ba421e0670f4ba\",\"signature\":\"313233343536373839306162636564666768696a313233343536373839306162\"}",
string(b),
Expand All @@ -196,24 +196,24 @@ func TestNebulaCertificate_MarshalJSON(t *testing.T) {

func TestNebulaCertificate_Verify(t *testing.T) {
ca, _, caKey, err := newTestCaCert(time.Now(), time.Now().Add(10*time.Minute), nil, nil, nil)
assert.Nil(t, err)
assert.NoError(t, err)

c, _, _, err := newTestCert(ca, caKey, time.Now(), time.Now().Add(5*time.Minute), nil, nil, nil)
assert.Nil(t, err)
assert.NoError(t, err)

caPool := NewCAPool()
assert.NoError(t, caPool.AddCA(ca))

f, err := c.Fingerprint()
assert.Nil(t, err)
assert.NoError(t, err)
caPool.BlocklistFingerprint(f)

_, err = caPool.VerifyCertificate(time.Now(), c)
assert.EqualError(t, err, "certificate is in the block list")

caPool.ResetCertBlocklist()
_, err = caPool.VerifyCertificate(time.Now(), c)
assert.Nil(t, err)
assert.NoError(t, err)

_, err = caPool.VerifyCertificate(time.Now().Add(time.Hour*1000), c)
assert.EqualError(t, err, "root certificate is expired")
Expand All @@ -223,10 +223,10 @@ func TestNebulaCertificate_Verify(t *testing.T) {

// Test group assertion
ca, _, caKey, err = newTestCaCert(time.Now(), time.Now().Add(10*time.Minute), nil, nil, []string{"test1", "test2"})
assert.Nil(t, err)
assert.NoError(t, err)

caPem, err := ca.MarshalPEM()
assert.Nil(t, err)
assert.NoError(t, err)

caPool = NewCAPool()
b, err := caPool.AddCAFromPEM(caPem)
Expand All @@ -237,31 +237,31 @@ func TestNebulaCertificate_Verify(t *testing.T) {
assert.EqualError(t, err, "certificate contained a group not present on the signing ca: bad")

c, _, _, err = newTestCert(ca, caKey, time.Now(), time.Now().Add(5*time.Minute), nil, nil, []string{"test1"})
assert.Nil(t, err)
assert.NoError(t, err)
_, err = caPool.VerifyCertificate(time.Now(), c)
assert.Nil(t, err)
assert.NoError(t, err)
}

func TestNebulaCertificate_VerifyP256(t *testing.T) {
ca, _, caKey, err := newTestCaCertP256(time.Now(), time.Now().Add(10*time.Minute), nil, nil, nil)
assert.Nil(t, err)
assert.NoError(t, err)

c, _, _, err := newTestCert(ca, caKey, time.Now(), time.Now().Add(5*time.Minute), nil, nil, nil)
assert.Nil(t, err)
assert.NoError(t, err)

caPool := NewCAPool()
assert.NoError(t, caPool.AddCA(ca))

f, err := c.Fingerprint()
assert.Nil(t, err)
assert.NoError(t, err)
caPool.BlocklistFingerprint(f)

_, err = caPool.VerifyCertificate(time.Now(), c)
assert.EqualError(t, err, "certificate is in the block list")

caPool.ResetCertBlocklist()
_, err = caPool.VerifyCertificate(time.Now(), c)
assert.Nil(t, err)
assert.NoError(t, err)

_, err = caPool.VerifyCertificate(time.Now().Add(time.Hour*1000), c)
assert.EqualError(t, err, "root certificate is expired")
Expand All @@ -271,10 +271,10 @@ func TestNebulaCertificate_VerifyP256(t *testing.T) {

// Test group assertion
ca, _, caKey, err = newTestCaCertP256(time.Now(), time.Now().Add(10*time.Minute), nil, nil, []string{"test1", "test2"})
assert.Nil(t, err)
assert.NoError(t, err)

caPem, err := ca.MarshalPEM()
assert.Nil(t, err)
assert.NoError(t, err)

caPool = NewCAPool()
b, err := caPool.AddCAFromPEM(caPem)
Expand All @@ -285,19 +285,19 @@ func TestNebulaCertificate_VerifyP256(t *testing.T) {
assert.EqualError(t, err, "certificate contained a group not present on the signing ca: bad")

c, _, _, err = newTestCert(ca, caKey, time.Now(), time.Now().Add(5*time.Minute), nil, nil, []string{"test1"})
assert.Nil(t, err)
assert.NoError(t, err)
_, err = caPool.VerifyCertificate(time.Now(), c)
assert.Nil(t, err)
assert.NoError(t, err)
}

func TestNebulaCertificate_Verify_IPs(t *testing.T) {
caIp1 := mustParsePrefixUnmapped("10.0.0.0/16")
caIp2 := mustParsePrefixUnmapped("192.168.0.0/24")
ca, _, caKey, err := newTestCaCert(time.Now(), time.Now().Add(10*time.Minute), []netip.Prefix{caIp1, caIp2}, nil, []string{"test"})
assert.Nil(t, err)
assert.NoError(t, err)

caPem, err := ca.MarshalPEM()
assert.Nil(t, err)
assert.NoError(t, err)

caPool := NewCAPool()
b, err := caPool.AddCAFromPEM(caPem)
Expand Down Expand Up @@ -332,37 +332,37 @@ func TestNebulaCertificate_Verify_IPs(t *testing.T) {
cIp1 = mustParsePrefixUnmapped("10.0.1.0/16")
cIp2 = mustParsePrefixUnmapped("192.168.0.1/25")
c, _, _, err = newTestCert(ca, caKey, time.Now(), time.Now().Add(5*time.Minute), []netip.Prefix{cIp1, cIp2}, nil, []string{"test"})
assert.Nil(t, err)
assert.NoError(t, err)
_, err = caPool.VerifyCertificate(time.Now(), c)
assert.Nil(t, err)
assert.NoError(t, err)

// Exact matches
c, _, _, err = newTestCert(ca, caKey, time.Now(), time.Now().Add(5*time.Minute), []netip.Prefix{caIp1, caIp2}, nil, []string{"test"})
assert.Nil(t, err)
assert.NoError(t, err)
_, err = caPool.VerifyCertificate(time.Now(), c)
assert.Nil(t, err)
assert.NoError(t, err)

// Exact matches reversed
c, _, _, err = newTestCert(ca, caKey, time.Now(), time.Now().Add(5*time.Minute), []netip.Prefix{caIp2, caIp1}, nil, []string{"test"})
assert.Nil(t, err)
assert.NoError(t, err)
_, err = caPool.VerifyCertificate(time.Now(), c)
assert.Nil(t, err)
assert.NoError(t, err)

// Exact matches reversed with just 1
c, _, _, err = newTestCert(ca, caKey, time.Now(), time.Now().Add(5*time.Minute), []netip.Prefix{caIp1}, nil, []string{"test"})
assert.Nil(t, err)
assert.NoError(t, err)
_, err = caPool.VerifyCertificate(time.Now(), c)
assert.Nil(t, err)
assert.NoError(t, err)
}

func TestNebulaCertificate_Verify_Subnets(t *testing.T) {
caIp1 := mustParsePrefixUnmapped("10.0.0.0/16")
caIp2 := mustParsePrefixUnmapped("192.168.0.0/24")
ca, _, caKey, err := newTestCaCert(time.Now(), time.Now().Add(10*time.Minute), nil, []netip.Prefix{caIp1, caIp2}, []string{"test"})
assert.Nil(t, err)
assert.NoError(t, err)

caPem, err := ca.MarshalPEM()
assert.Nil(t, err)
assert.NoError(t, err)

caPool := NewCAPool()
b, err := caPool.AddCAFromPEM(caPem)
Expand Down Expand Up @@ -397,67 +397,67 @@ func TestNebulaCertificate_Verify_Subnets(t *testing.T) {
cIp1 = mustParsePrefixUnmapped("10.0.1.0/16")
cIp2 = mustParsePrefixUnmapped("192.168.0.1/25")
c, _, _, err = newTestCert(ca, caKey, time.Now(), time.Now().Add(5*time.Minute), nil, []netip.Prefix{cIp1, cIp2}, []string{"test"})
assert.Nil(t, err)
assert.NoError(t, err)
_, err = caPool.VerifyCertificate(time.Now(), c)
assert.Nil(t, err)
assert.NoError(t, err)

// Exact matches
c, _, _, err = newTestCert(ca, caKey, time.Now(), time.Now().Add(5*time.Minute), nil, []netip.Prefix{caIp1, caIp2}, []string{"test"})
assert.Nil(t, err)
assert.NoError(t, err)
_, err = caPool.VerifyCertificate(time.Now(), c)
assert.Nil(t, err)
assert.NoError(t, err)

// Exact matches reversed
c, _, _, err = newTestCert(ca, caKey, time.Now(), time.Now().Add(5*time.Minute), nil, []netip.Prefix{caIp2, caIp1}, []string{"test"})
assert.Nil(t, err)
assert.NoError(t, err)
_, err = caPool.VerifyCertificate(time.Now(), c)
assert.Nil(t, err)
assert.NoError(t, err)

// Exact matches reversed with just 1
c, _, _, err = newTestCert(ca, caKey, time.Now(), time.Now().Add(5*time.Minute), nil, []netip.Prefix{caIp1}, []string{"test"})
assert.Nil(t, err)
assert.NoError(t, err)
_, err = caPool.VerifyCertificate(time.Now(), c)
assert.Nil(t, err)
assert.NoError(t, err)
}

func TestNebulaCertificate_VerifyPrivateKey(t *testing.T) {
ca, _, caKey, err := newTestCaCert(time.Time{}, time.Time{}, nil, nil, nil)
assert.Nil(t, err)
assert.NoError(t, err)
err = ca.VerifyPrivateKey(Curve_CURVE25519, caKey)
assert.Nil(t, err)
assert.NoError(t, err)

_, _, caKey2, err := newTestCaCert(time.Time{}, time.Time{}, nil, nil, nil)
assert.Nil(t, err)
assert.NoError(t, err)
err = ca.VerifyPrivateKey(Curve_CURVE25519, caKey2)
assert.NotNil(t, err)
assert.Error(t, err)

c, _, priv, err := newTestCert(ca, caKey, time.Time{}, time.Time{}, nil, nil, nil)
err = c.VerifyPrivateKey(Curve_CURVE25519, priv)
assert.Nil(t, err)
assert.NoError(t, err)

_, priv2 := x25519Keypair()
err = c.VerifyPrivateKey(Curve_CURVE25519, priv2)
assert.NotNil(t, err)
assert.Error(t, err)
}

func TestNebulaCertificate_VerifyPrivateKeyP256(t *testing.T) {
ca, _, caKey, err := newTestCaCertP256(time.Time{}, time.Time{}, nil, nil, nil)
assert.Nil(t, err)
assert.NoError(t, err)
err = ca.VerifyPrivateKey(Curve_P256, caKey)
assert.Nil(t, err)
assert.NoError(t, err)

_, _, caKey2, err := newTestCaCertP256(time.Time{}, time.Time{}, nil, nil, nil)
assert.Nil(t, err)
assert.NoError(t, err)
err = ca.VerifyPrivateKey(Curve_P256, caKey2)
assert.NotNil(t, err)
assert.Error(t, err)

c, _, priv, err := newTestCert(ca, caKey, time.Time{}, time.Time{}, nil, nil, nil)
err = c.VerifyPrivateKey(Curve_P256, priv)
assert.Nil(t, err)
assert.NoError(t, err)

_, priv2 := p256Keypair()
err = c.VerifyPrivateKey(Curve_P256, priv2)
assert.NotNil(t, err)
assert.Error(t, err)
}

func appendByteSlices(b ...[]byte) []byte {
Expand Down Expand Up @@ -514,10 +514,10 @@ func appendByteSlices(b ...[]byte) []byte {

func TestNebulaCertificate_Copy(t *testing.T) {
ca, _, caKey, err := newTestCaCert(time.Now(), time.Now().Add(10*time.Minute), nil, nil, nil)
assert.Nil(t, err)
assert.NoError(t, err)

c, _, _, err := newTestCert(ca, caKey, time.Now(), time.Now().Add(5*time.Minute), nil, nil, nil)
assert.Nil(t, err)
assert.NoError(t, err)
cc := c.Copy()

test.AssertDeepCopyEqual(t, c, cc)
Expand Down
Loading
Loading