(t *testing.T)
| 404 | } |
| 405 | |
| 406 | func Test_ensureTLSConfig(t *testing.T) { |
| 407 | t.Parallel() |
| 408 | |
| 409 | t.Run("NoFilesSpecified", func(t *testing.T) { |
| 410 | t.Parallel() |
| 411 | r := &RootCmd{} |
| 412 | err := r.ensureTLSConfig() |
| 413 | require.NoError(t, err) |
| 414 | require.Nil(t, r.tlsConfig) |
| 415 | }) |
| 416 | |
| 417 | t.Run("OnlyCertFileErrors", func(t *testing.T) { |
| 418 | t.Parallel() |
| 419 | r := &RootCmd{ |
| 420 | tlsClientCertFile: "/some/cert.pem", |
| 421 | } |
| 422 | err := r.ensureTLSConfig() |
| 423 | require.Error(t, err) |
| 424 | require.Contains(t, err.Error(), "must be specified together") |
| 425 | }) |
| 426 | |
| 427 | t.Run("OnlyKeyFileErrors", func(t *testing.T) { |
| 428 | t.Parallel() |
| 429 | r := &RootCmd{ |
| 430 | tlsClientKeyFile: "/some/key.pem", |
| 431 | } |
| 432 | err := r.ensureTLSConfig() |
| 433 | require.Error(t, err) |
| 434 | require.Contains(t, err.Error(), "must be specified together") |
| 435 | }) |
| 436 | |
| 437 | t.Run("InvalidCAFileErrors", func(t *testing.T) { |
| 438 | t.Parallel() |
| 439 | r := &RootCmd{ |
| 440 | tlsCAFile: "/nonexistent/ca.pem", |
| 441 | } |
| 442 | err := r.ensureTLSConfig() |
| 443 | require.Error(t, err) |
| 444 | require.Contains(t, err.Error(), "read TLS CA file") |
| 445 | }) |
| 446 | |
| 447 | t.Run("AlreadySetSkipsLoading", func(t *testing.T) { |
| 448 | t.Parallel() |
| 449 | existingConfig := &tls.Config{MinVersion: tls.VersionTLS13} |
| 450 | r := &RootCmd{ |
| 451 | tlsConfig: existingConfig, |
| 452 | tlsClientCertFile: "/some/cert.pem", |
| 453 | } |
| 454 | err := r.ensureTLSConfig() |
| 455 | require.NoError(t, err) |
| 456 | require.Same(t, existingConfig, r.tlsConfig) |
| 457 | }) |
| 458 | |
| 459 | t.Run("InvalidPEMContentErrors", func(t *testing.T) { |
| 460 | t.Parallel() |
| 461 | tmpFile, err := os.CreateTemp("", "invalid-ca-*.pem") |
| 462 | require.NoError(t, err) |
| 463 | defer os.Remove(tmpFile.Name()) |
nothing calls this directly
no test coverage detected