From e616f6d4ad89d84d9f45fb8e75ad261d163d1838 Mon Sep 17 00:00:00 2001
From: Fernando Diaz
Date: Fri, 21 Jun 2019 12:46:07 -0500
Subject: [PATCH] Get AuthTLS annotation unit tests to 100% Adds more unit tests for the authtls annotation. Increases the coverage.
---
 .../ingress/annotations/authtls/main_test.go | 133 ++++++++++++++++++
 1 file changed, 133 insertions(+)
diff --git a/internal/ingress/annotations/authtls/main_test.go b/internal/ingress/annotations/authtls/main_test.go
index b71392840..fc8327b83 100644
--- a/internal/ingress/annotations/authtls/main_test.go
+++ b/internal/ingress/annotations/authtls/main_test.go
@@ -126,3 +126,136 @@ func TestAnnotations(t *testing.T) {
 t.Errorf("expected %v but got %v", true, u.PassCertToUpstream)
 }
 }
+
+func TestInvalidAnnotations(t *testing.T) {
+ ing := buildIngress()
+ fakeSecret := &mockSecret{}
+ data := map[string]string{}
+
+ // No annotation
+ _, err := NewParser(fakeSecret).Parse(ing)
+ if err == nil {
+ t.Errorf("Expected error with ingress but got nil")
+ }
+
+ // Invalid NameSpace
+ data[parser.GetAnnotationWithPrefix("auth-tls-secret")] = "demo-secret"
+ ing.SetAnnotations(data)
+ _, err = NewParser(fakeSecret).Parse(ing)
+ if err == nil {
+ t.Errorf("Expected error with ingress but got nil")
+ }
+
+ // Invalid Auth Certificate
+ data[parser.GetAnnotationWithPrefix("auth-tls-secret")] = "default/invalid-demo-secret"
+ ing.SetAnnotations(data)
+ _, err = NewParser(fakeSecret).Parse(ing)
+ if err == nil {
+ t.Errorf("Expected error with ingress but got nil")
+ }
+
+ // Invalid optional Annotations
+ data[parser.GetAnnotationWithPrefix("auth-tls-secret")] = "default/demo-secret"
+ data[parser.GetAnnotationWithPrefix("auth-tls-verify-client")] = "w00t"
+ data[parser.GetAnnotationWithPrefix("auth-tls-verify-depth")] = "abcd"
+ data[parser.GetAnnotationWithPrefix("auth-tls-pass-certificate-to-upstream")] = "nahh"
+ ing.SetAnnotations(data)
+
+ i, err := NewParser(fakeSecret).Parse(ing)
+ if err != nil {
+ t.Errorf("Uxpected error with ingress: %v", err)
+ }
+ u, ok := i.(*Config)
+ if !ok {
+ t.Errorf("expected *Config but got %v", u)
+ }
+
+ if u.VerifyClient != "on" {
+ t.Errorf("expected %v but got %v", "on", u.VerifyClient)
+ }
+ if u.ValidationDepth != 1 {
+ t.Errorf("expected %v but got %v", 1, u.ValidationDepth)
+ }
+ if u.PassCertToUpstream != false {
+ t.Errorf("expected %v but got %v", false, u.PassCertToUpstream)
+ }
+
+}
+
+func TestEquals(t *testing.T) {
+ cfg1 := &Config{}
+ cfg2 := &Config{}
+
+ // Same config
+ result := cfg1.Equal(cfg1)
+ if result != true {
+ t.Errorf("Expected true")
+ }
+
+ // compare nil
+ result = cfg1.Equal(nil)
+ if result != false {
+ t.Errorf("Expected false")
+ }
+
+ // Different Certs
+ sslCert1 := resolver.AuthSSLCert{
+ Secret: "default/demo-secret",
+ CAFileName: "/ssl/ca.crt",
+ PemSHA: "abc",
+ }
+ sslCert2 := resolver.AuthSSLCert{
+ Secret: "default/other-demo-secret",
+ CAFileName: "/ssl/ca.crt",
+ PemSHA: "abc",
+ }
+ cfg1.AuthSSLCert = sslCert1
+ cfg2.AuthSSLCert = sslCert2
+ result = cfg1.Equal(cfg2)
+ if result != false {
+ t.Errorf("Expected false")
+ }
+ cfg2.AuthSSLCert = sslCert1
+
+ // Different Verify Client
+ cfg1.VerifyClient = "on"
+ cfg2.VerifyClient = "off"
+ result = cfg1.Equal(cfg2)
+ if result != false {
+ t.Errorf("Expected false")
+ }
+ cfg2.VerifyClient = "on"
+
+ // Different Validation Depth
+ cfg1.ValidationDepth = 1
+ cfg2.ValidationDepth = 2
+ result = cfg1.Equal(cfg2)
+ if result != false {
+ t.Errorf("Expected false")
+ }
+ cfg2.ValidationDepth = 1
+
+ // Different Error Page
+ cfg1.ErrorPage = "error-1"
+ cfg2.ErrorPage = "error-2"
+ result = cfg1.Equal(cfg2)
+ if result != false {
+ t.Errorf("Expected false")
+ }
+ cfg2.ErrorPage = "error-1"
+
+ // Different Pass to Upstream
+ cfg1.PassCertToUpstream = true
+ cfg2.PassCertToUpstream = false
+ result = cfg1.Equal(cfg2)
+ if result != false {
+ t.Errorf("Expected false")
+ }
+ cfg2.PassCertToUpstream = true
+
+ // Equal Configs
+ result = cfg1.Equal(cfg2)
+ if result != true {
+ t.Errorf("Expected true")
+ }
+}
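Review bot: In TestInvalidAnnotations the "Invalid optional Annotations" block reports a failed `Parse` or a failed `i.(*Config)` assertion with `t.Errorf` and then keeps going, so the following `u.VerifyClient` read dereferences a nil `u` and the test panics instead of failing cleanly. Use `t.Fatalf("unexpected error with ingress: %v", err)` and `t.Fatalf("expected *Config but got %T", i)` there; the current message prints `u`, which is always nil on that path. The three negative cases above it only check `err == nil`, so they would still pass if `Parse` failed for an unrelated reason (for instance the mock secret lookup, whose behaviour is not visible in this hunk); asserting the error kind or message would pin the namespace and secret checks specifically. Since this block is what keeps a malformed annotation from silently weakening client-certificate verification, a comment such as `// invalid optional values must fall back to verify-client "on", depth 1, pass-cert false` would state the contract the assertions appear to encode.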