feat: Add unit tests for CLI and MasterConnector, including certificate extraction and validation

2026-03-21 03:32:09 +00:00
parent d7cbb2a2ce
commit eba30f557e
5 changed files with 562 additions and 3 deletions
--- a/apps/nxmesh-agent/src/connector/master/ssh.rs
+++ b/apps/nxmesh-agent/src/connector/master/ssh.rs
@@ -6,7 +6,7 @@ use nxmesh_proto::agent_service_client::AgentServiceClient;
 use tonic::transport::{Certificate, ClientTlsConfig, Identity};
 use tracing::warn;

-use crate::config::settings::{self, MAuthSettings, TLSSettings};
+use crate::config::settings::{MAuthSettings, TLSSettings};

 use super::{AgentClient, MasterConnectorTrait};

@@ -130,3 +130,151 @@ impl MasterConnectorTrait for SshMasterConnector {
        self.client.clone()
    }
 }
+
+#[cfg(test)]
+#[allow(clippy::expect_used)]
+mod tests {
+    use std::{
+        fs::{self, File},
+        io::Write,
+        path::Path,
+    };
+
+    use tempfile::TempDir;
+
+    use crate::config::settings::{MAuthSettings, TLSSettings};
+
+    use super::SshMasterConnector;
+
+    const CERT_PEM: &[u8] = b"-----BEGIN CERTIFICATE-----\nAQ==\n-----END CERTIFICATE-----\n";
+    const KEY_PEM: &[u8] = b"-----BEGIN PRIVATE KEY-----\nAQ==\n-----END PRIVATE KEY-----\n";
+    const CA_PEM: &[u8] = b"-----BEGIN CERTIFICATE-----\nAQ==\n-----END CERTIFICATE-----\n";
+
+    fn create_zip_with_entries(
+        dir: &TempDir,
+        file_name: &str,
+        entries: &[(&str, &[u8])],
+    ) -> Result<String, Box<dyn std::error::Error + Send + Sync>> {
+        let zip_path = dir.path().join(file_name);
+        let file = File::create(&zip_path)?;
+        let mut zip = zip::ZipWriter::new(file);
+        let options = zip::write::SimpleFileOptions::default()
+            .compression_method(zip::CompressionMethod::Deflated)
+            .unix_permissions(0o600);
+
+        for (entry_name, contents) in entries {
+            zip.start_file(entry_name, options)?;
+            zip.write_all(contents)?;
+        }
+
+        zip.finish()?;
+        Ok(zip_path.to_string_lossy().to_string())
+    }
+
+    fn write_file(
+        path: &Path,
+        contents: &[u8],
+    ) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
+        fs::write(path, contents)?;
+        Ok(())
+    }
+
+    #[tokio::test]
+    async fn extract_certificate_succeeds_with_expected_files() {
+        let temp_dir = TempDir::new().expect("failed to create temp dir");
+        let zip_path = create_zip_with_entries(
+            &temp_dir,
+            "certs.zip",
+            &[
+                ("cert.pem", CERT_PEM),
+                ("key.pem", KEY_PEM),
+                ("ca.pem", CA_PEM),
+                ("ignored.txt", b"ignored"),
+            ],
+        )
+        .expect("failed to create zip");
+
+        let (ca, cert, key) = SshMasterConnector::extract_certificate(&zip_path)
+            .await
+            .expect("expected cert extraction to succeed");
+
+        assert_eq!(ca, CA_PEM);
+        assert_eq!(cert, CERT_PEM);
+        assert_eq!(key, KEY_PEM);
+    }
+
+    #[tokio::test]
+    async fn extract_certificate_fails_when_required_files_are_missing() {
+        let temp_dir = TempDir::new().expect("failed to create temp dir");
+        let zip_path = create_zip_with_entries(
+            &temp_dir,
+            "missing-key.zip",
+            &[("cert.pem", CERT_PEM), ("ca.pem", CA_PEM)],
+        )
+        .expect("failed to create zip");
+
+        let err = SshMasterConnector::extract_certificate(&zip_path)
+            .await
+            .expect_err("expected extraction to fail when key.pem is missing");
+
+        assert!(
+            err.to_string()
+                .contains("Certificate zip must contain cert.pem, key.pem and ca.pem")
+        );
+    }
+
+    #[tokio::test]
+    async fn generate_tls_config_succeeds_for_raw_paths() {
+        let temp_dir = TempDir::new().expect("failed to create temp dir");
+        let cert_path = temp_dir.path().join("cert.pem");
+        let key_path = temp_dir.path().join("key.pem");
+        let ca_path = temp_dir.path().join("ca.pem");
+
+        write_file(&cert_path, CERT_PEM).expect("failed to write cert.pem");
+        write_file(&key_path, KEY_PEM).expect("failed to write key.pem");
+        write_file(&ca_path, CA_PEM).expect("failed to write ca.pem");
+
+        let settings = MAuthSettings::Tls(TLSSettings::RawPath {
+            ca_path: ca_path.to_string_lossy().to_string(),
+            cert_path: cert_path.to_string_lossy().to_string(),
+            key_path: key_path.to_string_lossy().to_string(),
+        });
+
+        let result = SshMasterConnector::generate_tls_config(&settings).await;
+        assert!(result.is_ok(), "expected raw path TLS config to succeed");
+    }
+
+    #[tokio::test]
+    async fn generate_tls_config_succeeds_for_zip_path() {
+        let temp_dir = TempDir::new().expect("failed to create temp dir");
+        let zip_path = create_zip_with_entries(
+            &temp_dir,
+            "certs.zip",
+            &[
+                ("cert.pem", CERT_PEM),
+                ("key.pem", KEY_PEM),
+                ("ca.pem", CA_PEM),
+            ],
+        )
+        .expect("failed to create zip");
+
+        let settings = MAuthSettings::Tls(TLSSettings::ZipPath {
+            cert_zip_path: zip_path,
+        });
+
+        let result = SshMasterConnector::generate_tls_config(&settings).await;
+        assert!(result.is_ok(), "expected zip path TLS config to succeed");
+    }
+
+    #[tokio::test]
+    async fn generate_tls_config_fails_for_missing_raw_files() {
+        let settings = MAuthSettings::Tls(TLSSettings::RawPath {
+            ca_path: "/tmp/non-existent-ca.pem".to_string(),
+            cert_path: "/tmp/non-existent-cert.pem".to_string(),
+            key_path: "/tmp/non-existent-key.pem".to_string(),
+        });
+
+        let result = SshMasterConnector::generate_tls_config(&settings).await;
+        assert!(result.is_err(), "expected raw path TLS config to fail");
+    }
+}