From ad70982cdad1f81f1a748ddeaa257af01167ec8d Mon Sep 17 00:00:00 2001 From: Mariano Cano Date: Wed, 24 Jul 2024 12:13:57 -0700 Subject: [PATCH] Use testify packages in x5c_test.go --- authority/provisioner/x5c_test.go | 235 +++++++++++++++--------------- 1 file changed, 121 insertions(+), 114 deletions(-) diff --git a/authority/provisioner/x5c_test.go b/authority/provisioner/x5c_test.go index 8f9c0adc..99d10b68 100644 --- a/authority/provisioner/x5c_test.go +++ b/authority/provisioner/x5c_test.go @@ -7,6 +7,7 @@ import ( "errors" "fmt" "net/http" + "strings" "testing" "time" @@ -15,13 +16,19 @@ import ( "go.step.sm/crypto/randutil" "go.step.sm/linkedca" - "github.com/smallstep/assert" "github.com/smallstep/certificates/api/render" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) +func assertHasPrefix(t *testing.T, s, p string) bool { + t.Helper() + return assert.True(t, strings.HasPrefix(s, p), "%q is not a prefix of %q", p, s) +} + func TestX5C_Getters(t *testing.T) { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) id := "x5c/" + p.Name if got := p.GetID(); got != id { t.Errorf("X5C.GetID() = %v, want %v:%v", got, p.Name, id) @@ -80,7 +87,7 @@ func TestX5C_Init(t *testing.T) { }, "fail/invalid-duration": func(t *testing.T) ProvisionerValidateTest { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) p.Claims = &Claims{DefaultTLSDur: &Duration{0}} return ProvisionerValidateTest{ p: p, @@ -89,7 +96,7 @@ func TestX5C_Init(t *testing.T) { }, "ok": func(t *testing.T) ProvisionerValidateTest { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) return ProvisionerValidateTest{ p: p, } @@ -118,7 +125,7 @@ VR0RBA0wC4IJcm9vdC10ZXN0MAoGCCqGSM49BAMCA0kAMEYCIQC2vgqwla0u8LHH 1MHob14qvS5o76HautbIBW7fcHzz5gIhAIx5A2+wkJYX4026kqaZCk/1sAwTxSGY M46l92gdOozT -----END CERTIFICATE-----`)) - assert.FatalError(t, err) + require.NoError(t, err) return ProvisionerValidateTest{ p: p, extraValid: func(p *X5C) error { @@ -144,11 +151,11 @@ M46l92gdOozT err := tc.p.Init(config) if err != nil { if assert.NotNil(t, tc.err) { - assert.Equals(t, tc.err.Error(), err.Error()) + assert.EqualError(t, tc.err, err.Error()) } } else { if assert.Nil(t, tc.err) { - assert.Equals(t, *tc.p.ctl.Audiences, config.Audiences.WithFragment(tc.p.GetID())) + assert.Equal(t, *tc.p.ctl.Audiences, config.Audiences.WithFragment(tc.p.GetID())) if tc.extraValid != nil { assert.Nil(t, tc.extraValid(tc.p)) } @@ -160,9 +167,9 @@ M46l92gdOozT func TestX5C_authorizeToken(t *testing.T) { x5cCerts, err := pemutil.ReadCertificateBundle("./testdata/certs/x5c-leaf.crt") - assert.FatalError(t, err) + require.NoError(t, err) x5cJWK, err := jose.ReadKey("./testdata/secrets/x5c-leaf.key") - assert.FatalError(t, err) + require.NoError(t, err) type test struct { p *X5C @@ -173,7 +180,7 @@ func TestX5C_authorizeToken(t *testing.T) { tests := map[string]func(*testing.T) test{ "fail/bad-token": func(t *testing.T) test { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, token: "foo", @@ -193,15 +200,15 @@ DgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFNLJ P9K7MAoGCCqGSM49BAMCA0gAMEUCIQC5c1ldDcesDb31GlO5cEJvOcRrIrNtkk8m a5wpg+9s6QIgHIW6L60F8klQX+EO3o0SBqLeNcaskA4oSZsKjEdpSGo= -----END CERTIFICATE-----`)) - assert.FatalError(t, err) + require.NoError(t, err) jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0) - assert.FatalError(t, err) + require.NoError(t, err) p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) tok, err := generateToken("", p.Name, testAudiences.Sign[0], "", []string{"test.smallstep.com"}, time.Now(), jwk, withX5CHdr(certs)) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, token: tok, @@ -232,15 +239,15 @@ BgNVHREECTAHggVsZWFmMjAKBggqhkjOPQQDAgNIADBFAiB7gMRy3t81HpcnoRAS ELZmDFaEnoLCsVfbmanFykazQQIhAI0sZjoE9t6gvzQp7XQp6CoxzCc3Jv3FwZ8G EXAHTA9L -----END CERTIFICATE-----`)) - assert.FatalError(t, err) + require.NoError(t, err) jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0) - assert.FatalError(t, err) + require.NoError(t, err) p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) tok, err := generateToken("", p.Name, testAudiences.Sign[0], "", []string{"test.smallstep.com"}, time.Now(), jwk, withX5CHdr(certs)) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, token: tok, @@ -273,16 +280,16 @@ E4IRaW50ZXJtZWRpYXRlLXRlc3QwCgYIKoZIzj0EAwIDSAAwRQIgII8XpQ8ezDO1 2xdq3hShf155C5X/5jO8qr0VyEJgzlkCIQCTqph1Gwu/dmuf6dYLCfQqJyb371LC lgsqsR63is+0YQ== -----END CERTIFICATE-----`)) - assert.FatalError(t, err) + require.NoError(t, err) jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0) - assert.FatalError(t, err) + require.NoError(t, err) p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) tok, err := generateToken("", p.Name, testAudiences.Sign[0], "", []string{"test.smallstep.com"}, time.Now(), jwk, withX5CHdr(certs)) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, token: tok, @@ -315,15 +322,15 @@ E4IRaW50ZXJtZWRpYXRlLXRlc3QwCgYIKoZIzj0EAwIDSAAwRQIgII8XpQ8ezDO1 2xdq3hShf155C5X/5jO8qr0VyEJgzlkCIQCTqph1Gwu/dmuf6dYLCfQqJyb371LC lgsqsR63is+0YQ== -----END CERTIFICATE-----`)) - assert.FatalError(t, err) + require.NoError(t, err) jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0) - assert.FatalError(t, err) + require.NoError(t, err) p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) tok, err := generateToken("", "foobar", testAudiences.Sign[0], "", []string{"test.smallstep.com"}, time.Now(), jwk, withX5CHdr(certs)) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, token: tok, @@ -333,11 +340,11 @@ lgsqsR63is+0YQ== }, "fail/invalid-issuer": func(t *testing.T) test { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) tok, err := generateToken("", "foobar", testAudiences.Sign[0], "", []string{"test.smallstep.com"}, time.Now(), x5cJWK, withX5CHdr(x5cCerts)) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, token: tok, @@ -347,11 +354,11 @@ lgsqsR63is+0YQ== }, "fail/invalid-audience": func(t *testing.T) test { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) tok, err := generateToken("", p.GetName(), "foobar", "", []string{"test.smallstep.com"}, time.Now(), x5cJWK, withX5CHdr(x5cCerts)) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, token: tok, @@ -361,11 +368,11 @@ lgsqsR63is+0YQ== }, "fail/empty-subject": func(t *testing.T) test { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) tok, err := generateToken("", p.GetName(), testAudiences.Sign[0], "", []string{"test.smallstep.com"}, time.Now(), x5cJWK, withX5CHdr(x5cCerts)) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, token: tok, @@ -375,11 +382,11 @@ lgsqsR63is+0YQ== }, "ok": func(t *testing.T) test { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) tok, err := generateToken("foo", p.GetName(), testAudiences.Sign[0], "", []string{"test.smallstep.com"}, time.Now(), x5cJWK, withX5CHdr(x5cCerts)) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, token: tok, @@ -393,12 +400,12 @@ lgsqsR63is+0YQ== if assert.NotNil(t, tc.err) { var sc render.StatusCodedError if assert.True(t, errors.As(err, &sc), "error does not implement StatusCodedError interface") { - assert.Equals(t, sc.StatusCode(), tc.code) + assert.Equal(t, tc.code, sc.StatusCode()) } - assert.HasPrefix(t, err.Error(), tc.err.Error()) + assertHasPrefix(t, err.Error(), tc.err.Error()) } } else { - if assert.Nil(t, tc.err) { + if assert.NoError(t, tc.err) { assert.NotNil(t, claims) assert.NotNil(t, claims.chains) } @@ -409,9 +416,9 @@ lgsqsR63is+0YQ== func TestX5C_AuthorizeSign(t *testing.T) { certs, err := pemutil.ReadCertificateBundle("./testdata/certs/x5c-leaf.crt") - assert.FatalError(t, err) + require.NoError(t, err) jwk, err := jose.ReadKey("./testdata/secrets/x5c-leaf.key") - assert.FatalError(t, err) + require.NoError(t, err) type test struct { p *X5C @@ -424,7 +431,7 @@ func TestX5C_AuthorizeSign(t *testing.T) { tests := map[string]func(*testing.T) test{ "fail/invalid-token": func(t *testing.T) test { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, token: "foo", @@ -434,11 +441,11 @@ func TestX5C_AuthorizeSign(t *testing.T) { }, "ok/empty-sans": func(t *testing.T) test { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) tok, err := generateToken("foo", p.GetName(), testAudiences.Sign[0], "", []string{}, time.Now(), jwk, withX5CHdr(certs)) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, token: tok, @@ -447,11 +454,11 @@ func TestX5C_AuthorizeSign(t *testing.T) { }, "ok/multi-sans": func(t *testing.T) test { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) tok, err := generateToken("foo", p.GetName(), testAudiences.Sign[0], "", []string{"127.0.0.1", "foo", "max@smallstep.com"}, time.Now(), jwk, withX5CHdr(certs)) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, token: tok, @@ -460,7 +467,7 @@ func TestX5C_AuthorizeSign(t *testing.T) { }, "ok/cnf": func(t *testing.T) test { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) x5c := make([]string, len(certs)) for i, cert := range certs { @@ -473,7 +480,7 @@ func TestX5C_AuthorizeSign(t *testing.T) { } tok, err := generateCustomToken("foo", p.GetName(), testAudiences.Sign[0], jwk, extraHeaders, extraClaims) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, token: tok, @@ -490,47 +497,47 @@ func TestX5C_AuthorizeSign(t *testing.T) { if assert.NotNil(t, tc.err, err.Error()) { var sc render.StatusCodedError if assert.True(t, errors.As(err, &sc), "error does not implement StatusCodedError interface") { - assert.Equals(t, sc.StatusCode(), tc.code) + assert.Equal(t, tc.code, sc.StatusCode()) } - assert.HasPrefix(t, err.Error(), tc.err.Error()) + assertHasPrefix(t, err.Error(), tc.err.Error()) } } else { if assert.Nil(t, tc.err) { if assert.NotNil(t, opts) { - assert.Equals(t, 11, len(opts)) + assert.Len(t, opts, 11) for _, o := range opts { switch v := o.(type) { case *X5C: case certificateOptionsFunc: case *provisionerExtensionOption: - assert.Equals(t, v.Type, TypeX5C) - assert.Equals(t, v.Name, tc.p.GetName()) - assert.Equals(t, v.CredentialID, "") - assert.Len(t, 0, v.KeyValuePairs) + assert.Equal(t, TypeX5C, v.Type) + assert.Equal(t, tc.p.GetName(), v.Name) + assert.Equal(t, "", v.CredentialID) + assert.Len(t, v.KeyValuePairs, 0) case profileLimitDuration: - assert.Equals(t, v.def, tc.p.ctl.Claimer.DefaultTLSCertDuration()) + assert.Equal(t, tc.p.ctl.Claimer.DefaultTLSCertDuration(), v.def) claims, err := tc.p.authorizeToken(tc.token, tc.p.ctl.Audiences.Sign) - assert.FatalError(t, err) - assert.Equals(t, v.notAfter, claims.chains[0][0].NotAfter) + require.NoError(t, err) + assert.Equal(t, claims.chains[0][0].NotAfter, v.notAfter) case commonNameValidator: - assert.Equals(t, string(v), "foo") + assert.Equal(t, "foo", string(v)) case defaultPublicKeyValidator: case *defaultSANsValidator: - assert.Equals(t, v.sans, tc.sans) - assert.Equals(t, MethodFromContext(v.ctx), SignIdentityMethod) + assert.Equal(t, tc.sans, v.sans) + assert.Equal(t, SignIdentityMethod, MethodFromContext(v.ctx)) case *validityValidator: - assert.Equals(t, v.min, tc.p.ctl.Claimer.MinTLSCertDuration()) - assert.Equals(t, v.max, tc.p.ctl.Claimer.MaxTLSCertDuration()) + assert.Equal(t, tc.p.ctl.Claimer.MinTLSCertDuration(), v.min) + assert.Equal(t, tc.p.ctl.Claimer.MaxTLSCertDuration(), v.max) case *x509NamePolicyValidator: - assert.Equals(t, nil, v.policyEngine) + assert.Equal(t, nil, v.policyEngine) case *WebhookController: - assert.Len(t, 0, v.webhooks) - assert.Equals(t, linkedca.Webhook_X509, v.certType) - assert.Len(t, 2, v.options) + assert.Len(t, v.webhooks, 0) + assert.Equal(t, linkedca.Webhook_X509, v.certType) + assert.Len(t, v.options, 2) case csrFingerprintValidator: - assert.Equals(t, tc.fingerprint, string(v)) + assert.Equal(t, tc.fingerprint, string(v)) default: - assert.FatalError(t, fmt.Errorf("unexpected sign option of type %T", v)) + require.NoError(t, fmt.Errorf("unexpected sign option of type %T", v)) } } } @@ -550,7 +557,7 @@ func TestX5C_AuthorizeRevoke(t *testing.T) { tests := map[string]func(*testing.T) test{ "fail/invalid-token": func(t *testing.T) test { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, token: "foo", @@ -560,16 +567,16 @@ func TestX5C_AuthorizeRevoke(t *testing.T) { }, "ok": func(t *testing.T) test { certs, err := pemutil.ReadCertificateBundle("./testdata/certs/x5c-leaf.crt") - assert.FatalError(t, err) + require.NoError(t, err) jwk, err := jose.ReadKey("./testdata/secrets/x5c-leaf.key") - assert.FatalError(t, err) + require.NoError(t, err) p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) tok, err := generateToken("foo", p.GetName(), testAudiences.Revoke[0], "", []string{"test.smallstep.com"}, time.Now(), jwk, withX5CHdr(certs)) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, token: tok, @@ -583,9 +590,9 @@ func TestX5C_AuthorizeRevoke(t *testing.T) { if assert.NotNil(t, tc.err) { var sc render.StatusCodedError if assert.True(t, errors.As(err, &sc), "error does not implement StatusCodedError interface") { - assert.Equals(t, sc.StatusCode(), tc.code) + assert.Equal(t, tc.code, sc.StatusCode()) } - assert.HasPrefix(t, err.Error(), tc.err.Error()) + assertHasPrefix(t, err.Error(), tc.err.Error()) } } else { assert.Nil(t, tc.err) @@ -604,12 +611,12 @@ func TestX5C_AuthorizeRenew(t *testing.T) { tests := map[string]func(*testing.T) test{ "fail/renew-disabled": func(t *testing.T) test { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) // disable renewal disable := true p.Claims = &Claims{DisableRenewal: &disable} p.ctl.Claimer, err = NewClaimer(p.Claims, globalProvisionerClaims) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, code: http.StatusUnauthorized, @@ -618,7 +625,7 @@ func TestX5C_AuthorizeRenew(t *testing.T) { }, "ok": func(t *testing.T) test { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, } @@ -634,9 +641,9 @@ func TestX5C_AuthorizeRenew(t *testing.T) { if assert.NotNil(t, tc.err) { var sc render.StatusCodedError if assert.True(t, errors.As(err, &sc), "error does not implement StatusCodedError interface") { - assert.Equals(t, sc.StatusCode(), tc.code) + assert.Equal(t, tc.code, sc.StatusCode()) } - assert.HasPrefix(t, err.Error(), tc.err.Error()) + assertHasPrefix(t, err.Error(), tc.err.Error()) } } else { assert.Nil(t, tc.err) @@ -647,9 +654,9 @@ func TestX5C_AuthorizeRenew(t *testing.T) { func TestX5C_AuthorizeSSHSign(t *testing.T) { x5cCerts, err := pemutil.ReadCertificateBundle("./testdata/certs/x5c-leaf.crt") - assert.FatalError(t, err) + require.NoError(t, err) x5cJWK, err := jose.ReadKey("./testdata/secrets/x5c-leaf.key") - assert.FatalError(t, err) + require.NoError(t, err) _, fn := mockNow() defer fn() @@ -665,12 +672,12 @@ func TestX5C_AuthorizeSSHSign(t *testing.T) { tests := map[string]func(*testing.T) test{ "fail/sshCA-disabled": func(t *testing.T) test { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) // disable sshCA enable := false p.Claims = &Claims{EnableSSHCA: &enable} p.ctl.Claimer, err = NewClaimer(p.Claims, globalProvisionerClaims) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, token: "foo", @@ -680,7 +687,7 @@ func TestX5C_AuthorizeSSHSign(t *testing.T) { }, "fail/invalid-token": func(t *testing.T) test { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, token: "foo", @@ -690,11 +697,11 @@ func TestX5C_AuthorizeSSHSign(t *testing.T) { }, "fail/no-Step-claim": func(t *testing.T) test { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) tok, err := generateToken("foo", p.GetName(), testAudiences.SSHSign[0], "", []string{"test.smallstep.com"}, time.Now(), x5cJWK, withX5CHdr(x5cCerts)) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, token: tok, @@ -704,10 +711,10 @@ func TestX5C_AuthorizeSSHSign(t *testing.T) { }, "fail/no-SSH-subattribute-in-claims": func(t *testing.T) test { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) id, err := randutil.ASCII(64) - assert.FatalError(t, err) + require.NoError(t, err) now := time.Now() claims := &x5cPayload{ Claims: jose.Claims{ @@ -722,7 +729,7 @@ func TestX5C_AuthorizeSSHSign(t *testing.T) { Step: &stepPayload{}, } tok, err := generateX5CSSHToken(x5cJWK, claims, withX5CHdr(x5cCerts)) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, token: tok, @@ -732,10 +739,10 @@ func TestX5C_AuthorizeSSHSign(t *testing.T) { }, "ok/with-claims": func(t *testing.T) test { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) id, err := randutil.ASCII(64) - assert.FatalError(t, err) + require.NoError(t, err) now := time.Now() claims := &x5cPayload{ Claims: jose.Claims{ @@ -756,7 +763,7 @@ func TestX5C_AuthorizeSSHSign(t *testing.T) { }}, } tok, err := generateX5CSSHToken(x5cJWK, claims, withX5CHdr(x5cCerts)) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, claims: claims, @@ -766,10 +773,10 @@ func TestX5C_AuthorizeSSHSign(t *testing.T) { }, "ok/without-claims": func(t *testing.T) test { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) id, err := randutil.ASCII(64) - assert.FatalError(t, err) + require.NoError(t, err) now := time.Now() claims := &x5cPayload{ Claims: jose.Claims{ @@ -784,7 +791,7 @@ func TestX5C_AuthorizeSSHSign(t *testing.T) { Step: &stepPayload{SSH: &SignSSHOptions{}}, } tok, err := generateX5CSSHToken(x5cJWK, claims, withX5CHdr(x5cCerts)) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, claims: claims, @@ -794,10 +801,10 @@ func TestX5C_AuthorizeSSHSign(t *testing.T) { }, "ok/cnf": func(t *testing.T) test { p, err := generateX5C(nil) - assert.FatalError(t, err) + require.NoError(t, err) id, err := randutil.ASCII(64) - assert.FatalError(t, err) + require.NoError(t, err) now := time.Now() claims := &x5cPayload{ Claims: jose.Claims{ @@ -818,7 +825,7 @@ func TestX5C_AuthorizeSSHSign(t *testing.T) { }, } tok, err := generateX5CSSHToken(x5cJWK, claims, withX5CHdr(x5cCerts)) - assert.FatalError(t, err) + require.NoError(t, err) return test{ p: p, claims: claims, @@ -835,9 +842,9 @@ func TestX5C_AuthorizeSSHSign(t *testing.T) { if assert.NotNil(t, tc.err) { var sc render.StatusCodedError if assert.True(t, errors.As(err, &sc), "error does not implement StatusCodedError interface") { - assert.Equals(t, sc.StatusCode(), tc.code) + assert.Equal(t, tc.code, sc.StatusCode()) } - assert.HasPrefix(t, err.Error(), tc.err.Error()) + assertHasPrefix(t, err.Error(), tc.err.Error()) } } else { if assert.Nil(t, tc.err) { @@ -852,34 +859,34 @@ func TestX5C_AuthorizeSSHSign(t *testing.T) { tc.claims.Step.SSH.ValidAfter.t = time.Time{} tc.claims.Step.SSH.ValidBefore.t = time.Time{} if firstValidator { - assert.Equals(t, SignSSHOptions(v), *tc.claims.Step.SSH) + assert.Equal(t, *tc.claims.Step.SSH, SignSSHOptions(v)) } else { - assert.Equals(t, SignSSHOptions(v), SignSSHOptions{KeyID: tc.claims.Subject}) + assert.Equal(t, SignSSHOptions{KeyID: tc.claims.Subject}, SignSSHOptions(v)) } firstValidator = false case sshCertValidAfterModifier: - assert.Equals(t, int64(v), tc.claims.Step.SSH.ValidAfter.RelativeTime(nw).Unix()) + assert.Equal(t, tc.claims.Step.SSH.ValidAfter.RelativeTime(nw).Unix(), int64(v)) case sshCertValidBeforeModifier: - assert.Equals(t, int64(v), tc.claims.Step.SSH.ValidBefore.RelativeTime(nw).Unix()) + assert.Equal(t, tc.claims.Step.SSH.ValidBefore.RelativeTime(nw).Unix(), int64(v)) case *sshLimitDuration: - assert.Equals(t, v.Claimer, tc.p.ctl.Claimer) - assert.Equals(t, v.NotAfter, x5cCerts[0].NotAfter) + assert.Equal(t, tc.p.ctl.Claimer, v.Claimer) + assert.Equal(t, x5cCerts[0].NotAfter, v.NotAfter) case *sshCertValidityValidator: - assert.Equals(t, v.Claimer, tc.p.ctl.Claimer) + assert.Equal(t, tc.p.ctl.Claimer, v.Claimer) case *sshNamePolicyValidator: - assert.Equals(t, nil, v.userPolicyEngine) - assert.Equals(t, nil, v.hostPolicyEngine) + assert.Nil(t, v.userPolicyEngine) + assert.Nil(t, v.hostPolicyEngine) case *sshDefaultPublicKeyValidator, *sshCertDefaultValidator, sshCertificateOptionsFunc: case *WebhookController: - assert.Len(t, 0, v.webhooks) - assert.Equals(t, linkedca.Webhook_SSH, v.certType) - assert.Len(t, 2, v.options) + assert.Len(t, v.webhooks, 0) + assert.Equal(t, linkedca.Webhook_SSH, v.certType) + assert.Len(t, v.options, 2) default: - assert.FatalError(t, fmt.Errorf("unexpected sign option of type %T", v)) + require.NoError(t, fmt.Errorf("unexpected sign option of type %T", v)) } tot++ } - assert.Equals(t, tc.count, tot) + assert.Equal(t, tc.count, tot) } } }