(t *testing.T)
| 443 | } |
| 444 | |
| 445 | func (s) TestNewCredentials(t *testing.T) { |
| 446 | tests := []struct { |
| 447 | name string |
| 448 | opts Options |
| 449 | errSystemRoots bool |
| 450 | wantErr bool |
| 451 | }{ |
| 452 | { |
| 453 | name: "invalid options - empty subjectTokenPath", |
| 454 | opts: Options{ |
| 455 | TokenExchangeServiceURI: serviceURI, |
| 456 | }, |
| 457 | wantErr: true, |
| 458 | }, |
| 459 | { |
| 460 | name: "invalid system root certs", |
| 461 | opts: goodOptions, |
| 462 | errSystemRoots: true, |
| 463 | wantErr: true, |
| 464 | }, |
| 465 | { |
| 466 | name: "good case", |
| 467 | opts: goodOptions, |
| 468 | }, |
| 469 | } |
| 470 | |
| 471 | for _, test := range tests { |
| 472 | t.Run(test.name, func(t *testing.T) { |
| 473 | if test.errSystemRoots { |
| 474 | oldSystemRoots := loadSystemCertPool |
| 475 | loadSystemCertPool = func() (*x509.CertPool, error) { |
| 476 | return nil, errors.New("failed to load system cert pool") |
| 477 | } |
| 478 | defer func() { |
| 479 | loadSystemCertPool = oldSystemRoots |
| 480 | }() |
| 481 | } |
| 482 | |
| 483 | creds, err := NewCredentials(test.opts) |
| 484 | if (err != nil) != test.wantErr { |
| 485 | t.Fatalf("NewCredentials(%v) = %v, want %v", test.opts, err, test.wantErr) |
| 486 | } |
| 487 | if err == nil { |
| 488 | if !creds.RequireTransportSecurity() { |
| 489 | t.Errorf("creds.RequireTransportSecurity() returned false") |
| 490 | } |
| 491 | } |
| 492 | }) |
| 493 | } |
| 494 | } |
| 495 | |
| 496 | func (s) TestValidateOptions(t *testing.T) { |
| 497 | tests := []struct { |
nothing calls this directly
no test coverage detected