add more tests to certificate bundle test

porthorian · porthorian · commit 3ffbbaf1230f · 2025-02-19T22:38:51.000-05:00
diff --git a/internal/mode/static/state/graph/certificate_bundle.go b/internal/mode/static/state/graph/certificate_bundle.go
@@ -11,20 +11,18 @@ import (
 	v1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 
-// CAKey is the key that is stored in a secret or configmap to grab its data from.
-// This follows the convention setup by kubernetes service account root ca
-// key for optional root certificate authority
+// key for optional root certificate authority.
 const CAKey = "ca.crt"
 
-// CertificateBundle is used to submit certificate data to nginx that is kubernetes aware
+// CertificateBundle is used to submit certificate data to nginx that is kubernetes aware.
 type CertificateBundle struct {
 	Cert *Certificate
 
 	Name types.NamespacedName
 	Kind v1.Kind
 }
 
-// Certificate houses the real certificate data that is sent to the configurator
+// Certificate houses the real certificate data that is sent to the configurator.
 type Certificate struct {
 	// TLSCert is the SSL certificate used to send to CA
 	TLSCert []byte
@@ -34,7 +32,7 @@ type Certificate struct {
 	CACert []byte
 }
 
-// NewCertificateBundle generates a kubernetes aware certificate that is used during the configurator for nginx
+// NewCertificateBundle generates a kubernetes aware certificate that is used during the configurator for nginx.
 func NewCertificateBundle(name types.NamespacedName, kind string, cert *Certificate) *CertificateBundle {
 	return &CertificateBundle{
 		Name: name,
@@ -43,11 +41,11 @@ func NewCertificateBundle(name types.NamespacedName, kind string, cert *Certific
 	}
 }
 
-// validateTLS checks to make sure a ssl certificate key pair is valid
+// validateTLS checks to make sure a ssl certificate key pair is valid.
 func validateTLS(tlsCert, tlsPrivateKey []byte) error {
 	_, err := tls.X509KeyPair(tlsCert, tlsPrivateKey)
 	if err != nil {
-		return fmt.Errorf("TLS secret is invalid: %w", err)
+		return fmt.Errorf("tls secret is invalid: %w", err)
 	}
 
 	return nil
diff --git a/internal/mode/static/state/graph/certificate_bundle_test.go b/internal/mode/static/state/graph/certificate_bundle_test.go
@@ -7,6 +7,55 @@ import (
 	. "github.com/onsi/gomega"
 )
 
+func TestValidateTLS(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		expectedErr   string
+		name          string
+		tlsCert       []byte
+		tlsPrivateKey []byte
+	}{
+		{
+			name:          "valid tls key pair",
+			tlsCert:       cert,
+			tlsPrivateKey: key,
+		},
+		{
+			name:          "invalid tls cert valid key",
+			tlsCert:       invalidCert,
+			tlsPrivateKey: key,
+			expectedErr:   "tls secret is invalid: x509: malformed certificate",
+		},
+		{
+			name:          "invalid tls private key valid cert",
+			tlsCert:       cert,
+			tlsPrivateKey: invalidKey,
+			expectedErr:   "tls secret is invalid: tls: failed to parse private key",
+		},
+		{
+			name:          "invalid tls cert key pair",
+			tlsCert:       invalidCert,
+			tlsPrivateKey: invalidKey,
+			expectedErr:   "tls secret is invalid: x509: malformed certificate",
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			t.Parallel()
+
+			g := NewWithT(t)
+			err := validateTLS(test.tlsCert, test.tlsPrivateKey)
+			if test.expectedErr != "" {
+				g.Expect(err).To(HaveOccurred())
+				g.Expect(err).To(MatchError(test.expectedErr))
+			} else {
+				g.Expect(err).ToNot(HaveOccurred())
+			}
+		})
+	}
+}
+
 func TestValidateCA(t *testing.T) {
 	t.Parallel()
 	base64Data := make([]byte, base64.StdEncoding.EncodedLen(len(caBlock)))
diff --git a/internal/mode/static/state/graph/secret_test.go b/internal/mode/static/state/graph/secret_test.go
@@ -207,12 +207,12 @@ func TestSecretResolver(t *testing.T) {
 		{
 			name:           "invalid secret cert",
 			nsname:         client.ObjectKeyFromObject(invalidSecretCert),
-			expectedErrMsg: "TLS secret is invalid: x509: malformed certificate",
+			expectedErrMsg: "tls secret is invalid: x509: malformed certificate",
 		},
 		{
 			name:           "invalid secret key",
 			nsname:         client.ObjectKeyFromObject(invalidSecretKey),
-			expectedErrMsg: "TLS secret is invalid: tls: failed to parse private key",
+			expectedErrMsg: "tls secret is invalid: tls: failed to parse private key",
 		},
 		{
 			name:           "invalid secret ca cert",

Original file line number	Diff line number	Diff line change
`@@ -207,12 +207,12 @@ func TestSecretResolver(t *testing.T) {`
`207`	`207`	`{`
`208`	`208`	`name: "invalid secret cert",`
`209`	`209`	`nsname: client.ObjectKeyFromObject(invalidSecretCert),`
`210`		`- expectedErrMsg: "TLS secret is invalid: x509: malformed certificate",`
	`210`	`+ expectedErrMsg: "tls secret is invalid: x509: malformed certificate",`
`211`	`211`	`},`
`212`	`212`	`{`
`213`	`213`	`name: "invalid secret key",`
`214`	`214`	`nsname: client.ObjectKeyFromObject(invalidSecretKey),`
`215`		`- expectedErrMsg: "TLS secret is invalid: tls: failed to parse private key",`
	`215`	`+ expectedErrMsg: "tls secret is invalid: tls: failed to parse private key",`
`216`	`216`	`},`
`217`	`217`	`{`
`218`	`218`	`name: "invalid secret ca cert",`