netbird/management/server/posture/checks_test.go

279 lines
6.0 KiB
Go
Raw Normal View History

package posture
import (
"encoding/json"
"net/netip"
"testing"
"github.com/stretchr/testify/assert"
)
func TestChecks_MarshalJSON(t *testing.T) {
tests := []struct {
name string
checks *Checks
want []byte
wantErr bool
}{
{
name: "Valid Posture Checks Marshal",
checks: &Checks{
ID: "id1",
Name: "name1",
Description: "desc1",
AccountID: "acc1",
Checks: ChecksDefinition{
NBVersionCheck: &NBVersionCheck{
MinVersion: "1.0.0",
},
},
},
want: []byte(`
{
"ID": "id1",
"Name": "name1",
"Description": "desc1",
"Checks": {
"NBVersionCheck": {
"MinVersion": "1.0.0"
}
}
}
`),
wantErr: false,
},
{
name: "Empty Posture Checks Marshal",
checks: &Checks{
ID: "",
Name: "",
Description: "",
AccountID: "",
Checks: ChecksDefinition{
NBVersionCheck: &NBVersionCheck{},
},
},
want: []byte(`
{
"ID": "",
"Name": "",
"Description": "",
"Checks": {
"NBVersionCheck": {
"MinVersion": ""
}
}
}
`),
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := json.Marshal(tt.checks)
if (err != nil) != tt.wantErr {
t.Errorf("Checks.MarshalJSON() error = %v, wantErr %v", err, tt.wantErr)
return
}
assert.JSONEq(t, string(got), string(tt.want))
assert.Equal(t, tt.checks, tt.checks.Copy(), "original Checks should not be modified")
})
}
}
func TestChecks_UnmarshalJSON(t *testing.T) {
testCases := []struct {
name string
in []byte
expected *Checks
expectedError bool
}{
{
name: "Valid JSON Posture Checks Unmarshal",
in: []byte(`
{
"ID": "id1",
"Name": "name1",
"Description": "desc1",
"Checks": {
"NBVersionCheck": {
"MinVersion": "1.0.0"
}
}
}
`),
expected: &Checks{
ID: "id1",
Name: "name1",
Description: "desc1",
Checks: ChecksDefinition{
NBVersionCheck: &NBVersionCheck{
MinVersion: "1.0.0",
},
},
},
expectedError: false,
},
{
name: "Invalid JSON Posture Checks Unmarshal",
in: []byte(`{`),
expectedError: true,
},
{
name: "Empty JSON Posture Check Unmarshal",
in: []byte(`{}`),
expected: &Checks{},
expectedError: false,
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
var checks Checks
err := json.Unmarshal(tc.in, &checks)
if tc.expectedError {
assert.Error(t, err)
} else {
assert.NoError(t, err)
assert.Equal(t, tc.expected, &checks)
}
})
}
}
func TestChecks_Validate(t *testing.T) {
testCases := []struct {
name string
checks Checks
expectedError bool
}{
{
name: "Valid checks version",
checks: Checks{
Checks: ChecksDefinition{
NBVersionCheck: &NBVersionCheck{
MinVersion: "0.25.0",
},
OSVersionCheck: &OSVersionCheck{
Ios: &MinVersionCheck{
MinVersion: "13.0.1",
},
Linux: &MinKernelVersionCheck{
MinKernelVersion: "5.3.3-dev",
},
},
},
},
expectedError: false,
},
{
name: "Invalid checks version",
checks: Checks{
Checks: ChecksDefinition{
NBVersionCheck: &NBVersionCheck{
MinVersion: "abc",
},
OSVersionCheck: &OSVersionCheck{
Android: &MinVersionCheck{
MinVersion: "dev",
},
},
},
},
expectedError: true,
},
{
name: "Combined valid and invalid checks version",
checks: Checks{
Checks: ChecksDefinition{
NBVersionCheck: &NBVersionCheck{
MinVersion: "abc",
},
OSVersionCheck: &OSVersionCheck{
Windows: &MinKernelVersionCheck{
MinKernelVersion: "10.0.1234",
},
Darwin: &MinVersionCheck{
MinVersion: "13.0.1",
},
},
},
},
expectedError: true,
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
err := tc.checks.Validate()
if tc.expectedError {
assert.Error(t, err)
} else {
assert.NoError(t, err)
}
})
}
}
func TestChecks_Copy(t *testing.T) {
check := &Checks{
ID: "1",
Name: "default",
Description: "description",
AccountID: "accountID",
Checks: ChecksDefinition{
NBVersionCheck: &NBVersionCheck{
MinVersion: "0.25.0",
},
OSVersionCheck: &OSVersionCheck{
Android: &MinVersionCheck{
MinVersion: "13",
},
Darwin: &MinVersionCheck{
MinVersion: "14.2.0",
},
Ios: &MinVersionCheck{
MinVersion: "17.3.0",
},
Linux: &MinKernelVersionCheck{
MinKernelVersion: "6.5.11-linuxkit",
},
Windows: &MinKernelVersionCheck{
MinKernelVersion: "10.0.14393",
},
},
GeoLocationCheck: &GeoLocationCheck{
Locations: []Location{
{
CountryCode: "DE",
CityName: "Berlin",
},
},
Action: CheckActionAllow,
},
PeerNetworkRangeCheck: &PeerNetworkRangeCheck{
Ranges: []netip.Prefix{
netip.MustParsePrefix("192.168.0.0/24"),
netip.MustParsePrefix("10.0.0.0/8"),
},
Action: CheckActionDeny,
},
},
}
checkCopy := check.Copy()
assert.Equal(t, check.ID, checkCopy.ID)
assert.Equal(t, check.Name, checkCopy.Name)
assert.Equal(t, check.Description, checkCopy.Description)
assert.Equal(t, check.AccountID, checkCopy.AccountID)
assert.Equal(t, check.Checks.Copy(), checkCopy.Checks.Copy())
assert.ElementsMatch(t, check.GetChecks(), checkCopy.GetChecks())
// Updating the original check should not take effect on copy
check.Name = "name"
assert.NotSame(t, check, checkCopy)
}