curben
/
cloudflared-mirror
mirror of https://github.com/cloudflare/cloudflared.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
cloudflared-mirror/cmd/cloudflared/tunnel/subcommand_context_test.go

371 lines
10 KiB
Go
Raw Normal View History

TUN-3286: Use either ID or name in Named Tunnel subcommands.
2020-08-18 21:54:05 +00:00
package tunnel
import (
TUN-3581: Tunnels can be run by name using only --credentials-file, no origin cert necessary.
2020-11-23 21:36:16 +00:00
"encoding/base64"
"flag"
"fmt"
TUN-3286: Use either ID or name in Named Tunnel subcommands.
2020-08-18 21:54:05 +00:00
"reflect"
"testing"
TUN-3599: improved delete if credentials isnt found. Tunnel delete is successful even if we don't find the credentials file in the user's filesystem. We no longer "error" indicating this is a problem. This fix also enables chaining of the delete command by removing a pre-mature return if the credentials file is not found.
2020-12-04 11:06:13 +00:00
"time"
TUN-3286: Use either ID or name in Named Tunnel subcommands.
2020-08-18 21:54:05 +00:00
TUN-4067: Reformat code for consistent import order, grouping, and fix formatting. Added goimports target to the Makefile to make this easier in the future.
2021-03-23 14:30:43 +00:00
"github.com/google/uuid"
"github.com/pkg/errors"
TUN-3998: Allow to cleanup the connections of a tunnel limited to a single client
2021-03-19 23:26:51 +00:00
"github.com/rs/zerolog"
TUN-5754: Allow ingress validate to take plaintext option Ingress validate currently validates config from a file. This PR adds a new --json/-j flag to provide the ingress/config data as a plaintext command line argument.
2022-02-22 15:51:43 +00:00
"github.com/stretchr/testify/assert"
TUN-4067: Reformat code for consistent import order, grouping, and fix formatting. Added goimports target to the Makefile to make this easier in the future.
2021-03-23 14:30:43 +00:00
"github.com/urfave/cli/v2"
TUN-3998: Allow to cleanup the connections of a tunnel limited to a single client
2021-03-19 23:26:51 +00:00
TUN-5482: Refactor tunnelstore client related packages for more coherent package
2021-12-27 14:56:50 +00:00
"github.com/cloudflare/cloudflared/cfapi"
TUN-3581: Tunnels can be run by name using only --credentials-file, no origin cert necessary.
2020-11-23 21:36:16 +00:00
"github.com/cloudflare/cloudflared/connection"
TUN-7134: Acquire token for cloudflared tail cloudflared tail will now fetch the management token from by making a request to the Cloudflare API using the cert.pem (acquired from cloudflared login). Refactored some of the credentials code into it's own package as to allow for easier use between subcommands outside of `cloudflared tunnel`.
2023-04-12 16:43:38 +00:00
"github.com/cloudflare/cloudflared/credentials"
TUN-3286: Use either ID or name in Named Tunnel subcommands.
2020-08-18 21:54:05 +00:00
)
TUN-3581: Tunnels can be run by name using only --credentials-file, no origin cert necessary.
2020-11-23 21:36:16 +00:00
type mockFileSystem struct {
rf func(string) ([]byte, error)
vfp func(string) bool
}
func (fs mockFileSystem) validFilePath(path string) bool {
return fs.vfp(path)
}
func (fs mockFileSystem) readFile(filePath string) ([]byte, error) {
return fs.rf(filePath)
}
func Test_subcommandContext_findCredentials(t *testing.T) {
type fields struct {
c *cli.Context
TUN-3470: Replace in-house logger calls with zerolog
2020-11-25 06:55:13 +00:00
log *zerolog.Logger
TUN-3581: Tunnels can be run by name using only --credentials-file, no origin cert necessary.
2020-11-23 21:36:16 +00:00
fs fileSystem
TUN-5482: Refactor tunnelstore client related packages for more coherent package
2021-12-27 14:56:50 +00:00
tunnelstoreClient cfapi.Client
TUN-7134: Acquire token for cloudflared tail cloudflared tail will now fetch the management token from by making a request to the Cloudflare API using the cert.pem (acquired from cloudflared login). Refactored some of the credentials code into it's own package as to allow for easier use between subcommands outside of `cloudflared tunnel`.
2023-04-12 16:43:38 +00:00
userCredential *credentials.User
TUN-3581: Tunnels can be run by name using only --credentials-file, no origin cert necessary.
2020-11-23 21:36:16 +00:00
}
type args struct {
tunnelID uuid.UUID
}
oldCertPath := "old_cert.json"
newCertPath := "new_cert.json"
accountTag := "0000d4d14e84bd4ae5a6a02e0000ac63"
secret := []byte{211, 79, 177, 245, 179, 194, 152, 127, 140, 71, 18, 46, 183, 209, 10, 24, 192, 150, 55, 249, 211, 16, 167, 30, 113, 51, 152, 168, 72, 100, 205, 144}
secretB64 := base64.StdEncoding.EncodeToString(secret)
tunnelID := uuid.MustParse("df5ed608-b8b4-4109-89f3-9f2cf199df64")
name := "mytunnel"
fs := mockFileSystem{
rf: func(filePath string) ([]byte, error) {
if filePath == oldCertPath {
// An old credentials file created before TUN-3581 added the new fields
return []byte(fmt.Sprintf(`{"AccountTag":"%s","TunnelSecret":"%s"}`, accountTag, secretB64)), nil
}
if filePath == newCertPath {
// A new credentials file created after TUN-3581 with its new fields.
return []byte(fmt.Sprintf(`{"AccountTag":"%s","TunnelSecret":"%s","TunnelID":"%s","TunnelName":"%s"}`, accountTag, secretB64, tunnelID, name)), nil
}
return nil, errors.New("file not found")
},
vfp: func(string) bool { return true },
}
TUN-3470: Replace in-house logger calls with zerolog
2020-11-25 06:55:13 +00:00
log := zerolog.Nop()
TUN-3581: Tunnels can be run by name using only --credentials-file, no origin cert necessary.
2020-11-23 21:36:16 +00:00
tests := []struct {
name string
fields fields
args args
want connection.Credentials
wantErr bool
}{
{
name: "Filepath given leads to old credentials file",
fields: fields{
TUN-3470: Replace in-house logger calls with zerolog
2020-11-25 06:55:13 +00:00
log: &log,
fs: fs,
TUN-3581: Tunnels can be run by name using only --credentials-file, no origin cert necessary.
2020-11-23 21:36:16 +00:00
c: func() *cli.Context {
flagSet := flag.NewFlagSet("test0", flag.PanicOnError)
flagSet.String(CredFileFlag, oldCertPath, "")
c := cli.NewContext(cli.NewApp(), flagSet, nil)
TUN-3470: Replace in-house logger calls with zerolog
2020-11-25 06:55:13 +00:00
_ = c.Set(CredFileFlag, oldCertPath)
TUN-3581: Tunnels can be run by name using only --credentials-file, no origin cert necessary.
2020-11-23 21:36:16 +00:00
return c
}(),
},
args: args{
tunnelID: tunnelID,
},
want: connection.Credentials{
AccountTag: accountTag,
TunnelID: tunnelID,
TunnelSecret: secret,
},
},
{
name: "Filepath given leads to new credentials file",
fields: fields{
TUN-3470: Replace in-house logger calls with zerolog
2020-11-25 06:55:13 +00:00
log: &log,
fs: fs,
TUN-3581: Tunnels can be run by name using only --credentials-file, no origin cert necessary.
2020-11-23 21:36:16 +00:00
c: func() *cli.Context {
flagSet := flag.NewFlagSet("test0", flag.PanicOnError)
flagSet.String(CredFileFlag, newCertPath, "")
c := cli.NewContext(cli.NewApp(), flagSet, nil)
TUN-3470: Replace in-house logger calls with zerolog
2020-11-25 06:55:13 +00:00
_ = c.Set(CredFileFlag, newCertPath)
TUN-3581: Tunnels can be run by name using only --credentials-file, no origin cert necessary.
2020-11-23 21:36:16 +00:00
return c
}(),
},
args: args{
tunnelID: tunnelID,
},
want: connection.Credentials{
AccountTag: accountTag,
TunnelID: tunnelID,
TunnelSecret: secret,
},
},
Add support for taking named tunnel credentials from an environment variable
2021-09-03 15:01:45 +00:00
{
name: "TUNNEL_CRED_CONTENTS given contains old credentials contents",
fields: fields{
log: &log,
fs: fs,
c: func() *cli.Context {
flagSet := flag.NewFlagSet("test0", flag.PanicOnError)
flagSet.String(CredContentsFlag, "", "")
c := cli.NewContext(cli.NewApp(), flagSet, nil)
_ = c.Set(CredContentsFlag, fmt.Sprintf(`{"AccountTag":"%s","TunnelSecret":"%s"}`, accountTag, secretB64))
return c
}(),
},
args: args{
tunnelID: tunnelID,
},
want: connection.Credentials{
AccountTag: accountTag,
TunnelID: tunnelID,
TunnelSecret: secret,
},
},
{
name: "TUNNEL_CRED_CONTENTS given contains new credentials contents",
fields: fields{
log: &log,
fs: fs,
c: func() *cli.Context {
flagSet := flag.NewFlagSet("test0", flag.PanicOnError)
flagSet.String(CredContentsFlag, "", "")
c := cli.NewContext(cli.NewApp(), flagSet, nil)
_ = c.Set(CredContentsFlag, fmt.Sprintf(`{"AccountTag":"%s","TunnelSecret":"%s","TunnelID":"%s","TunnelName":"%s"}`, accountTag, secretB64, tunnelID, name))
return c
}(),
},
args: args{
tunnelID: tunnelID,
},
want: connection.Credentials{
AccountTag: accountTag,
TunnelID: tunnelID,
TunnelSecret: secret,
},
},
TUN-3581: Tunnels can be run by name using only --credentials-file, no origin cert necessary.
2020-11-23 21:36:16 +00:00
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
sc := &subcommandContext{
c: tt.fields.c,
TUN-3470: Replace in-house logger calls with zerolog
2020-11-25 06:55:13 +00:00
log: tt.fields.log,
TUN-3581: Tunnels can be run by name using only --credentials-file, no origin cert necessary.
2020-11-23 21:36:16 +00:00
fs: tt.fields.fs,
tunnelstoreClient: tt.fields.tunnelstoreClient,
userCredential: tt.fields.userCredential,
}
got, err := sc.findCredentials(tt.args.tunnelID)
if (err != nil) != tt.wantErr {
t.Errorf("subcommandContext.findCredentials() error = %v, wantErr %v", err, tt.wantErr)
return
}
if !reflect.DeepEqual(got, tt.want) {
t.Errorf("subcommandContext.findCredentials() = %v, want %v", got, tt.want)
}
})
}
}
TUN-3599: improved delete if credentials isnt found. Tunnel delete is successful even if we don't find the credentials file in the user's filesystem. We no longer "error" indicating this is a problem. This fix also enables chaining of the delete command by removing a pre-mature return if the credentials file is not found.
2020-12-04 11:06:13 +00:00
type deleteMockTunnelStore struct {
TUN-5482: Refactor tunnelstore client related packages for more coherent package
2021-12-27 14:56:50 +00:00
cfapi.Client
TUN-3599: improved delete if credentials isnt found. Tunnel delete is successful even if we don't find the credentials file in the user's filesystem. We no longer "error" indicating this is a problem. This fix also enables chaining of the delete command by removing a pre-mature return if the credentials file is not found.
2020-12-04 11:06:13 +00:00
mockTunnels map[uuid.UUID]mockTunnelBehaviour
deletedTunnelIDs []uuid.UUID
}
type mockTunnelBehaviour struct {
TUN-5482: Refactor tunnelstore client related packages for more coherent package
2021-12-27 14:56:50 +00:00
tunnel cfapi.Tunnel
TUN-3599: improved delete if credentials isnt found. Tunnel delete is successful even if we don't find the credentials file in the user's filesystem. We no longer "error" indicating this is a problem. This fix also enables chaining of the delete command by removing a pre-mature return if the credentials file is not found.
2020-12-04 11:06:13 +00:00
deleteErr error
cleanupErr error
}
func newDeleteMockTunnelStore(tunnels ...mockTunnelBehaviour) *deleteMockTunnelStore {
mockTunnels := make(map[uuid.UUID]mockTunnelBehaviour)
for _, tunnel := range tunnels {
mockTunnels[tunnel.tunnel.ID] = tunnel
}
return &deleteMockTunnelStore{
mockTunnels: mockTunnels,
deletedTunnelIDs: make([]uuid.UUID, 0),
}
}
TUN-5482: Refactor tunnelstore client related packages for more coherent package
2021-12-27 14:56:50 +00:00
func (d *deleteMockTunnelStore) GetTunnel(tunnelID uuid.UUID) (*cfapi.Tunnel, error) {
TUN-3599: improved delete if credentials isnt found. Tunnel delete is successful even if we don't find the credentials file in the user's filesystem. We no longer "error" indicating this is a problem. This fix also enables chaining of the delete command by removing a pre-mature return if the credentials file is not found.
2020-12-04 11:06:13 +00:00
tunnel, ok := d.mockTunnels[tunnelID]
if !ok {
return nil, fmt.Errorf("Couldn't find tunnel: %v", tunnelID)
}
return &tunnel.tunnel, nil
}
TUN-5915: New cloudflared command to allow to retrieve the token credentials for a Tunnel
2022-03-22 12:46:07 +00:00
func (d *deleteMockTunnelStore) GetTunnelToken(tunnelID uuid.UUID) (string, error) {
return "token", nil
}
TUN-3599: improved delete if credentials isnt found. Tunnel delete is successful even if we don't find the credentials file in the user's filesystem. We no longer "error" indicating this is a problem. This fix also enables chaining of the delete command by removing a pre-mature return if the credentials file is not found.
2020-12-04 11:06:13 +00:00
func (d *deleteMockTunnelStore) DeleteTunnel(tunnelID uuid.UUID) error {
tunnel, ok := d.mockTunnels[tunnelID]
if !ok {
return fmt.Errorf("Couldn't find tunnel: %v", tunnelID)
}
if tunnel.deleteErr != nil {
return tunnel.deleteErr
}
d.deletedTunnelIDs = append(d.deletedTunnelIDs, tunnelID)
tunnel.tunnel.DeletedAt = time.Now()
delete(d.mockTunnels, tunnelID)
return nil
}
TUN-5482: Refactor tunnelstore client related packages for more coherent package
2021-12-27 14:56:50 +00:00
func (d *deleteMockTunnelStore) CleanupConnections(tunnelID uuid.UUID, _ *cfapi.CleanupParams) error {
TUN-3599: improved delete if credentials isnt found. Tunnel delete is successful even if we don't find the credentials file in the user's filesystem. We no longer "error" indicating this is a problem. This fix also enables chaining of the delete command by removing a pre-mature return if the credentials file is not found.
2020-12-04 11:06:13 +00:00
tunnel, ok := d.mockTunnels[tunnelID]
if !ok {
return fmt.Errorf("Couldn't find tunnel: %v", tunnelID)
}
return tunnel.cleanupErr
}
func Test_subcommandContext_Delete(t *testing.T) {
type fields struct {
c *cli.Context
TUN-3607: Set up single-file logger with zerolog
2020-12-08 18:16:25 +00:00
log *zerolog.Logger
TUN-3599: improved delete if credentials isnt found. Tunnel delete is successful even if we don't find the credentials file in the user's filesystem. We no longer "error" indicating this is a problem. This fix also enables chaining of the delete command by removing a pre-mature return if the credentials file is not found.
2020-12-04 11:06:13 +00:00
isUIEnabled bool
fs fileSystem
tunnelstoreClient *deleteMockTunnelStore
TUN-7134: Acquire token for cloudflared tail cloudflared tail will now fetch the management token from by making a request to the Cloudflare API using the cert.pem (acquired from cloudflared login). Refactored some of the credentials code into it's own package as to allow for easier use between subcommands outside of `cloudflared tunnel`.
2023-04-12 16:43:38 +00:00
userCredential *credentials.User
TUN-3599: improved delete if credentials isnt found. Tunnel delete is successful even if we don't find the credentials file in the user's filesystem. We no longer "error" indicating this is a problem. This fix also enables chaining of the delete command by removing a pre-mature return if the credentials file is not found.
2020-12-04 11:06:13 +00:00
}
type args struct {
tunnelIDs []uuid.UUID
}
newCertPath := "new_cert.json"
tunnelID1 := uuid.MustParse("df5ed608-b8b4-4109-89f3-9f2cf199df64")
tunnelID2 := uuid.MustParse("af5ed608-b8b4-4109-89f3-9f2cf199df64")
TUN-3607: Set up single-file logger with zerolog
2020-12-08 18:16:25 +00:00
log := zerolog.Nop()
TUN-3599: improved delete if credentials isnt found. Tunnel delete is successful even if we don't find the credentials file in the user's filesystem. We no longer "error" indicating this is a problem. This fix also enables chaining of the delete command by removing a pre-mature return if the credentials file is not found.
2020-12-04 11:06:13 +00:00
var tests = []struct {
name string
fields fields
args args
want []uuid.UUID
wantErr bool
}{
{
name: "clean up continues if credentials are not found",
fields: fields{
TUN-3607: Set up single-file logger with zerolog
2020-12-08 18:16:25 +00:00
log: &log,
TUN-3599: improved delete if credentials isnt found. Tunnel delete is successful even if we don't find the credentials file in the user's filesystem. We no longer "error" indicating this is a problem. This fix also enables chaining of the delete command by removing a pre-mature return if the credentials file is not found.
2020-12-04 11:06:13 +00:00
fs: mockFileSystem{
rf: func(filePath string) ([]byte, error) {
return nil, errors.New("file not found")
},
vfp: func(string) bool { return true },
},
c: func() *cli.Context {
flagSet := flag.NewFlagSet("test0", flag.PanicOnError)
flagSet.String(CredFileFlag, newCertPath, "")
c := cli.NewContext(cli.NewApp(), flagSet, nil)
TUN-3607: Set up single-file logger with zerolog
2020-12-08 18:16:25 +00:00
_ = c.Set(CredFileFlag, newCertPath)
TUN-3599: improved delete if credentials isnt found. Tunnel delete is successful even if we don't find the credentials file in the user's filesystem. We no longer "error" indicating this is a problem. This fix also enables chaining of the delete command by removing a pre-mature return if the credentials file is not found.
2020-12-04 11:06:13 +00:00
return c
}(),
tunnelstoreClient: newDeleteMockTunnelStore(
mockTunnelBehaviour{
TUN-5482: Refactor tunnelstore client related packages for more coherent package
2021-12-27 14:56:50 +00:00
tunnel: cfapi.Tunnel{ID: tunnelID1},
TUN-3599: improved delete if credentials isnt found. Tunnel delete is successful even if we don't find the credentials file in the user's filesystem. We no longer "error" indicating this is a problem. This fix also enables chaining of the delete command by removing a pre-mature return if the credentials file is not found.
2020-12-04 11:06:13 +00:00
},
mockTunnelBehaviour{
TUN-5482: Refactor tunnelstore client related packages for more coherent package
2021-12-27 14:56:50 +00:00
tunnel: cfapi.Tunnel{ID: tunnelID2},
TUN-3599: improved delete if credentials isnt found. Tunnel delete is successful even if we don't find the credentials file in the user's filesystem. We no longer "error" indicating this is a problem. This fix also enables chaining of the delete command by removing a pre-mature return if the credentials file is not found.
2020-12-04 11:06:13 +00:00
},
),
},
args: args{
tunnelIDs: []uuid.UUID{tunnelID1, tunnelID2},
},
want: []uuid.UUID{tunnelID1, tunnelID2},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
sc := &subcommandContext{
c: tt.fields.c,
TUN-3607: Set up single-file logger with zerolog
2020-12-08 18:16:25 +00:00
log: tt.fields.log,
TUN-3599: improved delete if credentials isnt found. Tunnel delete is successful even if we don't find the credentials file in the user's filesystem. We no longer "error" indicating this is a problem. This fix also enables chaining of the delete command by removing a pre-mature return if the credentials file is not found.
2020-12-04 11:06:13 +00:00
fs: tt.fields.fs,
tunnelstoreClient: tt.fields.tunnelstoreClient,
userCredential: tt.fields.userCredential,
}
err := sc.delete(tt.args.tunnelIDs)
if (err != nil) != tt.wantErr {
t.Errorf("subcommandContext.findCredentials() error = %v, wantErr %v", err, tt.wantErr)
return
}
got := tt.fields.tunnelstoreClient.deletedTunnelIDs
if !reflect.DeepEqual(got, tt.want) {
t.Errorf("subcommandContext.findCredentials() = %v, want %v", got, tt.want)
return
}
})
}
}
TUN-5754: Allow ingress validate to take plaintext option Ingress validate currently validates config from a file. This PR adds a new --json/-j flag to provide the ingress/config data as a plaintext command line argument.
2022-02-22 15:51:43 +00:00
func Test_subcommandContext_ValidateIngressCommand(t *testing.T) {
var tests = []struct {
name string
c *cli.Context
wantErr bool
expectedErr error
}{
{
name: "read a valid configuration from data",
c: func() *cli.Context {
data := `{ "warp-routing": {"enabled": true}, "originRequest" : {"connectTimeout": 10}, "ingress" : [ {"hostname": "test", "service": "https://localhost:8000" } , {"service": "http_status:404"} ]}`
flagSet := flag.NewFlagSet("json", flag.PanicOnError)
flagSet.String(ingressDataJSONFlagName, data, "")
c := cli.NewContext(cli.NewApp(), flagSet, nil)
_ = c.Set(ingressDataJSONFlagName, data)
return c
}(),
},
{
name: "read an invalid configuration with multiple mistakes",
c: func() *cli.Context {
data := `{ "ingress" : [ {"hostname": "test", "service": "localhost:8000" } , {"service": "http_status:invalid_status"} ]}`
flagSet := flag.NewFlagSet("json", flag.PanicOnError)
flagSet.String(ingressDataJSONFlagName, data, "")
c := cli.NewContext(cli.NewApp(), flagSet, nil)
_ = c.Set(ingressDataJSONFlagName, data)
return c
}(),
wantErr: true,
expectedErr: errors.New("Validation failed: localhost:8000 is an invalid address, please make sure it has a scheme and a hostname"),
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := validateIngressCommand(tt.c, "")
if tt.wantErr {
assert.Equal(t, tt.expectedErr.Error(), err.Error())
} else {
assert.Nil(t, err)
}
})
}
}