|
12 | 12 | # See the License for the specific language governing permissions and |
13 | 13 | # limitations under the License. |
14 | 14 |
|
15 | | -import json |
16 | 15 | import os |
17 | 16 | import re |
18 | 17 |
|
@@ -739,81 +738,78 @@ def test_crypto_error(self): |
739 | 738 | ENCRYPTED_EC_PRIVATE_KEY, b"wrong_password" |
740 | 739 | ) |
741 | 740 |
|
742 | | - def test_check_use_client_cert(self, monkeypatch): |
743 | | - monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "true") |
744 | | - use_client_cert = _mtls_helper.check_use_client_cert() |
745 | | - assert use_client_cert is True |
746 | 741 |
|
747 | | - def test_check_use_client_cert_for_workload_with_config_file(self, monkeypatch): |
748 | | - config_data = { |
749 | | - "version": 1, |
750 | | - "cert_configs": { |
751 | | - "workload": { |
752 | | - "cert_path": "path/to/cert/file", |
753 | | - "key_path": "path/to/key/file", |
754 | | - } |
755 | | - }, |
756 | | - } |
757 | | - config_filename = "mock_certificate_config.json" |
758 | | - config_file_content = json.dumps(config_data) |
759 | | - monkeypatch.setenv("GOOGLE_API_CERTIFICATE_CONFIG", config_filename) |
760 | | - monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "") |
761 | | - # Use mock_open to simulate the file in memory |
762 | | - mock_file_handle = mock.mock_open(read_data=config_file_content) |
763 | | - with mock.patch("builtins.open", mock_file_handle): |
764 | | - use_client_cert = _mtls_helper.check_use_client_cert() |
765 | | - assert use_client_cert is True |
766 | | - |
767 | | - def test_check_use_client_cert_false(self, monkeypatch): |
768 | | - monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false") |
769 | | - use_client_cert = _mtls_helper.check_use_client_cert() |
770 | | - assert use_client_cert is False |
771 | | - |
772 | | - def test_check_use_client_cert_unsupported_value(self, monkeypatch): |
773 | | - monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "dummy") |
774 | | - use_client_cert = _mtls_helper.check_use_client_cert() |
775 | | - assert use_client_cert is False |
776 | | - |
777 | | - def test_check_use_client_cert_for_workload_with_config_file_not_found( |
778 | | - self, monkeypatch |
779 | | - ): |
780 | | - monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "") |
781 | | - use_client_cert = _mtls_helper.check_use_client_cert() |
782 | | - assert use_client_cert is False |
| 742 | +class TestCheckUseClientCert(object): |
| 743 | + @mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}) |
| 744 | + def test_env_var_explicit_true(self): |
| 745 | + assert _mtls_helper.check_use_client_cert() is True |
783 | 746 |
|
784 | | - def test_check_use_client_cert_for_workload_with_config_file_not_json( |
785 | | - self, monkeypatch |
786 | | - ): |
787 | | - config_filename = "mock_certificate_config.json" |
788 | | - config_file_content = "not_valid_json" |
789 | | - monkeypatch.setenv("GOOGLE_API_CERTIFICATE_CONFIG", config_filename) |
790 | | - monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "") |
791 | | - # Use mock_open to simulate the file in memory |
792 | | - mock_file_handle = mock.mock_open(read_data=config_file_content) |
793 | | - with mock.patch("builtins.open", mock_file_handle): |
794 | | - use_client_cert = _mtls_helper.check_use_client_cert() |
795 | | - assert use_client_cert is False |
796 | | - |
797 | | - def test_check_use_client_cert_for_workload_with_config_file_no_workload( |
798 | | - self, monkeypatch |
799 | | - ): |
800 | | - config_data = {"version": 1, "cert_configs": {"dummy_key": {}}} |
801 | | - config_filename = "mock_certificate_config.json" |
802 | | - config_file_content = json.dumps(config_data) |
803 | | - monkeypatch.setenv("GOOGLE_API_CERTIFICATE_CONFIG", config_filename) |
804 | | - monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "") |
805 | | - # Use mock_open to simulate the file in memory |
806 | | - mock_file_handle = mock.mock_open(read_data=config_file_content) |
807 | | - with mock.patch("builtins.open", mock_file_handle): |
808 | | - use_client_cert = _mtls_helper.check_use_client_cert() |
809 | | - assert use_client_cert is False |
810 | | - |
811 | | - def test_check_use_client_cert_when_file_does_not_exist(self, monkeypatch): |
812 | | - config_filename = "mock_certificate_config.json" |
813 | | - monkeypatch.setenv("GOOGLE_API_CERTIFICATE_CONFIG", config_filename) |
814 | | - monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "") |
815 | | - use_client_cert = _mtls_helper.check_use_client_cert() |
816 | | - assert use_client_cert is False |
| 747 | + @mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "True"}) |
| 748 | + def test_env_var_explicit_true_capitalized(self): |
| 749 | + assert _mtls_helper.check_use_client_cert() is True |
| 750 | + |
| 751 | + @mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "false"}) |
| 752 | + def test_env_var_explicit_false(self): |
| 753 | + assert _mtls_helper.check_use_client_cert() is False |
| 754 | + |
| 755 | + @mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "garbage"}) |
| 756 | + def test_env_var_explicit_garbage(self): |
| 757 | + assert _mtls_helper.check_use_client_cert() is False |
| 758 | + |
| 759 | + @mock.patch("builtins.open", autospec=True) |
| 760 | + @mock.patch.dict( |
| 761 | + os.environ, |
| 762 | + { |
| 763 | + "GOOGLE_API_USE_CLIENT_CERTIFICATE": "", |
| 764 | + "GOOGLE_API_CERTIFICATE_CONFIG": "/path/to/config", |
| 765 | + }, |
| 766 | + ) |
| 767 | + def test_config_file_success(self, mock_file): |
| 768 | + # We manually apply mock_open here so we can keep autospec=True on the decorator |
| 769 | + mock_file.side_effect = mock.mock_open( |
| 770 | + read_data='{"cert_configs": {"workload": "exists"}}' |
| 771 | + ) |
| 772 | + assert _mtls_helper.check_use_client_cert() is True |
| 773 | + |
| 774 | + @mock.patch("builtins.open", autospec=True) |
| 775 | + @mock.patch.dict( |
| 776 | + os.environ, |
| 777 | + { |
| 778 | + "GOOGLE_API_USE_CLIENT_CERTIFICATE": "", |
| 779 | + "GOOGLE_API_CERTIFICATE_CONFIG": "/path/to/config", |
| 780 | + }, |
| 781 | + ) |
| 782 | + def test_config_file_missing_keys(self, mock_file): |
| 783 | + mock_file.side_effect = mock.mock_open(read_data='{"cert_configs": {}}') |
| 784 | + assert _mtls_helper.check_use_client_cert() is False |
| 785 | + |
| 786 | + @mock.patch("builtins.open", autospec=True) |
| 787 | + @mock.patch.dict( |
| 788 | + os.environ, |
| 789 | + { |
| 790 | + "GOOGLE_API_USE_CLIENT_CERTIFICATE": "", |
| 791 | + "GOOGLE_API_CERTIFICATE_CONFIG": "/path/to/config", |
| 792 | + }, |
| 793 | + ) |
| 794 | + def test_config_file_bad_json(self, mock_file): |
| 795 | + mock_file.side_effect = mock.mock_open(read_data="{bad_json") |
| 796 | + assert _mtls_helper.check_use_client_cert() is False |
| 797 | + |
| 798 | + @mock.patch("builtins.open", autospec=True) |
| 799 | + @mock.patch.dict( |
| 800 | + os.environ, |
| 801 | + { |
| 802 | + "GOOGLE_API_USE_CLIENT_CERTIFICATE": "", |
| 803 | + "GOOGLE_API_CERTIFICATE_CONFIG": "/path/does/not/exist", |
| 804 | + }, |
| 805 | + ) |
| 806 | + def test_config_file_not_found(self, mock_file): |
| 807 | + mock_file.side_effect = FileNotFoundError |
| 808 | + assert _mtls_helper.check_use_client_cert() is False |
| 809 | + |
| 810 | + @mock.patch.dict(os.environ, {}, clear=True) |
| 811 | + def test_no_env_vars_set(self): |
| 812 | + assert _mtls_helper.check_use_client_cert() is False |
817 | 813 |
|
818 | 814 |
|
819 | 815 | class TestMtlsHelper: |
|
0 commit comments