Add some more tests and switch to require

Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>

config/config.go

@@ -254,12 +254,12 @@ func (d *Database) GormParams() (dbType DBBackendType, uri string, err error) {
 	case MySQLBackend:
 		uri, err = d.MySQL.ConnectionString()
 		if err != nil {
-			return "", "", errors.Wrap(err, "validating mysql config")
+			return "", "", errors.Wrap(err, "fetching mysql connection string")
 		}
 	case SQLiteBackend:
 		uri, err = d.SQLite.ConnectionString()
 		if err != nil {
-			return "", "", errors.Wrap(err, "validating mysql config")
+			return "", "", errors.Wrap(err, "fetching sqlite3 connection string")
 		}
 	default:
 		return "", "", fmt.Errorf("invalid database backend: %s", dbType)
@@ -272,9 +272,16 @@ func (d *Database) Validate() error {
 	if d.DbBackend == "" {
 		return fmt.Errorf("invalid databse configuration: backend is required")
 	}
+
 	if len(d.Passphrase) != 32 {
 		return fmt.Errorf("passphrase must be set and it must be a string of 32 characters (aes 256)")
 	}
+
+	passwordStenght := zxcvbn.PasswordStrength(d.Passphrase, nil)
+	if passwordStenght.Score < 4 {
+		return fmt.Errorf("database passphrase is too weak")
+	}
+
 	switch d.DbBackend {
 	case MySQLBackend:
 		if err := d.MySQL.Validate(); err != nil {

config/config_test.go

@@ -20,11 +20,12 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 var (
-	EncryptionPassphrase = "bocyasicgatEtenOubwonIbsudNutDom"
+	EncryptionPassphrase     = "bocyasicgatEtenOubwonIbsudNutDom"
+	WeakEncryptionPassphrase = "1234567890abcdefghijklmnopqrstuv"
 )
 
 func getDefaultSectionConfig(configDir string) Default {
@@ -53,6 +54,15 @@ func getDefaultAPIServerConfig() APIServer {
 	}
 }
 
+func getMySQLDefaultConfig() MySQL {
+	return MySQL{
+		Username:     "test",
+		Password:     "test",
+		Hostname:     "127.0.0.1",
+		DatabaseName: "garm",
+	}
+}
+
 func getDefaultDatabaseConfig(dir string) Database {
 	return Database{
 		Debug:     false,
@@ -114,7 +124,7 @@ func TestConfig(t *testing.T) {
 	cfg := getDefaultConfig(t)
 
 	err := cfg.Validate()
-	assert.Nil(t, err)
+	require.Nil(t, err)
 }
 
 func TestDefaultSectionConfig(t *testing.T) {
@@ -165,10 +175,10 @@ func TestDefaultSectionConfig(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			err := tc.cfg.Validate()
 			if tc.errString == "" {
-				assert.Nil(t, err)
+				require.Nil(t, err)
 			} else {
-				assert.NotNil(t, err)
-				assert.Regexp(t, tc.errString, err.Error())
+				require.NotNil(t, err)
+				require.Regexp(t, tc.errString, err.Error())
 			}
 		})
 	}
@@ -253,10 +263,10 @@ func TestValidateAPIServerConfig(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			err := tc.cfg.Validate()
 			if tc.errString == "" {
-				assert.Nil(t, err)
+				require.Nil(t, err)
 			} else {
-				assert.NotNil(t, err)
-				assert.Regexp(t, tc.errString, err.Error())
+				require.NotNil(t, err)
+				require.Regexp(t, tc.errString, err.Error())
 			}
 		})
 	}
@@ -266,31 +276,31 @@ func TestAPIBindAddress(t *testing.T) {
 	cfg := getDefaultAPIServerConfig()
 
 	err := cfg.Validate()
-	assert.Nil(t, err)
-	assert.Equal(t, cfg.BindAddress(), "0.0.0.0:9998")
+	require.Nil(t, err)
+	require.Equal(t, cfg.BindAddress(), "0.0.0.0:9998")
 }
 
 func TestAPITLSconfig(t *testing.T) {
 	cfg := getDefaultAPIServerConfig()
 
 	err := cfg.Validate()
-	assert.Nil(t, err)
+	require.Nil(t, err)
 
 	tlsCfg, err := cfg.APITLSConfig()
-	assert.Nil(t, err)
-	assert.NotNil(t, tlsCfg)
+	require.Nil(t, err)
+	require.NotNil(t, tlsCfg)
 
 	// Any error in the TLSConfig should return an error here.
 	cfg.TLSConfig = TLSConfig{}
 	tlsCfg, err = cfg.APITLSConfig()
-	assert.NotNil(t, err)
-	assert.EqualError(t, err, "missing crt or key")
+	require.NotNil(t, err)
+	require.EqualError(t, err, "missing crt or key")
 
 	// If TLS is disabled, don't validate TLSconfig.
 	cfg.UseTLS = false
 	tlsCfg, err = cfg.APITLSConfig()
-	assert.Nil(t, err)
-	assert.Nil(t, tlsCfg)
+	require.Nil(t, err)
+	require.Nil(t, tlsCfg)
 }
 
 func TestTLSConfig(t *testing.T) {
@@ -309,7 +319,7 @@ func TestTLSConfig(t *testing.T) {
 	cfg := getDefaultTLSConfig()
 
 	err = cfg.Validate()
-	assert.Nil(t, err)
+	require.Nil(t, err)
 
 	tests := []struct {
 		name      string
@@ -372,12 +382,119 @@ func TestTLSConfig(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			tlsCfg, err := tc.cfg.TLSConfig()
 			if tc.errString == "" {
-				assert.Nil(t, err)
-				assert.NotNil(t, tlsCfg)
+				require.Nil(t, err)
+				require.NotNil(t, tlsCfg)
 			} else {
-				assert.NotNil(t, err)
-				assert.Nil(t, tlsCfg)
-				assert.Regexp(t, tc.errString, err.Error())
+				require.NotNil(t, err)
+				require.Nil(t, tlsCfg)
+				require.Regexp(t, tc.errString, err.Error())
+			}
+		})
+	}
+}
+
+func TestDatabaseConfig(t *testing.T) {
+	dir, err := ioutil.TempDir("", "garm-config-test")
+	if err != nil {
+		t.Fatalf("failed to create temporary directory: %s", err)
+	}
+	t.Cleanup(func() { os.RemoveAll(dir) })
+	cfg := getDefaultDatabaseConfig(dir)
+
+	tests := []struct {
+		name      string
+		cfg       Database
+		errString string
+	}{
+		{
+			name:      "Config is valid",
+			cfg:       cfg,
+			errString: "",
+		},
+		{
+			name: "Missing backend",
+			cfg: Database{
+				DbBackend:  "",
+				SQLite:     cfg.SQLite,
+				Passphrase: cfg.Passphrase,
+			},
+			errString: "invalid databse configuration: backend is required",
+		},
+		{
+			name: "Invalid backend type",
+			cfg: Database{
+				DbBackend:  DBBackendType("bogus"),
+				SQLite:     cfg.SQLite,
+				Passphrase: cfg.Passphrase,
+			},
+			errString: "invalid database backend: bogus",
+		},
+		{
+			name: "Missing passphrase",
+			cfg: Database{
+				DbBackend:  cfg.DbBackend,
+				SQLite:     cfg.SQLite,
+				Passphrase: "",
+			},
+			errString: "passphrase must be set and it must be a string of 32 characters*",
+		},
+		{
+			name: "passphrase has invalid length",
+			cfg: Database{
+				DbBackend:  cfg.DbBackend,
+				SQLite:     cfg.SQLite,
+				Passphrase: "testing",
+			},
+			errString: "passphrase must be set and it must be a string of 32 characters*",
+		},
+		{
+			name: "passphrase is too weak",
+			cfg: Database{
+				DbBackend:  cfg.DbBackend,
+				SQLite:     cfg.SQLite,
+				Passphrase: WeakEncryptionPassphrase,
+			},
+			errString: "database passphrase is too weak",
+		},
+		{
+			name: "sqlite3 backend is missconfigured",
+			cfg: Database{
+				DbBackend: cfg.DbBackend,
+				SQLite: SQLite{
+					DBFile: "",
+				},
+				Passphrase: cfg.Passphrase,
+			},
+			errString: "validating sqlite3 config: no valid db_file was specified",
+		},
+		{
+			name: "mysql backend is missconfigured",
+			cfg: Database{
+				DbBackend:  MySQLBackend,
+				MySQL:      MySQL{},
+				Passphrase: cfg.Passphrase,
+			},
+			errString: "validating mysql config: database, username, password, hostname are mandatory parameters for the database section",
+		},
+		{
+			name: "mysql backend is configured and valid",
+			cfg: Database{
+				DbBackend:  MySQLBackend,
+				MySQL:      getMySQLDefaultConfig(),
+				Passphrase: cfg.Passphrase,
+			},
+			errString: "",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			err := tc.cfg.Validate()
+			if tc.errString == "" {
+				require.Nil(t, err)
+			} else {
+				require.NotNil(t, err)
+				require.Regexp(t, tc.errString, err.Error())
 			}
 		})
 	}

config/external_test.go

@@ -21,7 +21,7 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func getDefaultExternalConfig(t *testing.T) External {
@@ -101,10 +101,10 @@ func TestExternal(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			err := tc.cfg.Validate()
 			if tc.errString == "" {
-				assert.Nil(t, err)
+				require.Nil(t, err)
 			} else {
-				assert.NotNil(t, err)
-				assert.EqualError(t, err, tc.errString)
+				require.NotNil(t, err)
+				require.EqualError(t, err, tc.errString)
 			}
 		})
 	}
@@ -114,11 +114,11 @@ func TestProviderExecutableIsExecutable(t *testing.T) {
 	cfg := getDefaultExternalConfig(t)
 
 	execPath, err := cfg.ExecutablePath()
-	assert.Nil(t, err)
+	require.Nil(t, err)
 	err = os.Chmod(execPath, 0o644)
-	assert.Nil(t, err)
+	require.Nil(t, err)
 
 	err = cfg.Validate()
-	assert.NotNil(t, err)
-	assert.EqualError(t, err, fmt.Sprintf("external provider binary %s is not executable", execPath))
+	require.NotNil(t, err)
+	require.EqualError(t, err, fmt.Sprintf("external provider binary %s is not executable", execPath))
 }

config/lxd_test.go

@@ -17,7 +17,7 @@ package config
 import (
 	"testing"
 
-	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func getDefaultLXDImageRemoteConfig() LXDImageRemote {
@@ -49,7 +49,7 @@ func TestLXDRemote(t *testing.T) {
 	cfg := getDefaultLXDImageRemoteConfig()
 
 	err := cfg.Validate()
-	assert.Nil(t, err)
+	require.Nil(t, err)
 }
 
 func TestLXDRemoteEmptyAddress(t *testing.T) {
@@ -58,8 +58,8 @@ func TestLXDRemoteEmptyAddress(t *testing.T) {
 	cfg.Address = ""
 
 	err := cfg.Validate()
-	assert.NotNil(t, err)
-	assert.EqualError(t, err, "missing address")
+	require.NotNil(t, err)
+	require.EqualError(t, err, "missing address")
 }
 
 func TestLXDRemoteInvalidAddress(t *testing.T) {
@@ -67,8 +67,8 @@ func TestLXDRemoteInvalidAddress(t *testing.T) {
 
 	cfg.Address = "bogus address"
 	err := cfg.Validate()
-	assert.NotNil(t, err)
-	assert.EqualError(t, err, "validating address: parse \"bogus address\": invalid URI for request")
+	require.NotNil(t, err)
+	require.EqualError(t, err, "validating address: parse \"bogus address\": invalid URI for request")
 }
 
 func TestLXDRemoteIvalidAddressScheme(t *testing.T) {
@@ -76,14 +76,14 @@ func TestLXDRemoteIvalidAddressScheme(t *testing.T) {
 
 	cfg.Address = "ftp://whatever"
 	err := cfg.Validate()
-	assert.NotNil(t, err)
-	assert.EqualError(t, err, "address must be http or https")
+	require.NotNil(t, err)
+	require.EqualError(t, err, "address must be http or https")
 }
 
 func TestLXDConfig(t *testing.T) {
 	cfg := getDefaultLXDConfig()
 	err := cfg.Validate()
-	assert.Nil(t, err)
+	require.Nil(t, err)
 }
 
 func TestLXDWithInvalidUnixSocket(t *testing.T) {
@@ -91,8 +91,8 @@ func TestLXDWithInvalidUnixSocket(t *testing.T) {
 
 	cfg.UnixSocket = "bogus unix socket"
 	err := cfg.Validate()
-	assert.NotNil(t, err)
-	assert.EqualError(t, err, "could not access unix socket bogus unix socket: \"stat bogus unix socket: no such file or directory\"")
+	require.NotNil(t, err)
+	require.EqualError(t, err, "could not access unix socket bogus unix socket: \"stat bogus unix socket: no such file or directory\"")
 }
 
 func TestMissingUnixSocketAndMissingURL(t *testing.T) {
@@ -102,8 +102,8 @@ func TestMissingUnixSocketAndMissingURL(t *testing.T) {
 	cfg.UnixSocket = ""
 
 	err := cfg.Validate()
-	assert.NotNil(t, err)
-	assert.EqualError(t, err, "unix_socket or address must be specified")
+	require.NotNil(t, err)
+	require.EqualError(t, err, "unix_socket or address must be specified")
 }
 
 func TestInvalidLXDURL(t *testing.T) {
@@ -111,8 +111,8 @@ func TestInvalidLXDURL(t *testing.T) {
 	cfg.URL = "bogus"
 
 	err := cfg.Validate()
-	assert.NotNil(t, err)
-	assert.EqualError(t, err, "invalid LXD URL")
+	require.NotNil(t, err)
+	require.EqualError(t, err, "invalid LXD URL")
 }
 
 func TestLXDURLIsHTTPS(t *testing.T) {
@@ -120,37 +120,37 @@ func TestLXDURLIsHTTPS(t *testing.T) {
 	cfg.URL = "http://example.com"
 
 	err := cfg.Validate()
-	assert.NotNil(t, err)
-	assert.EqualError(t, err, "address must be https")
+	require.NotNil(t, err)
+	require.EqualError(t, err, "address must be https")
 }
 
 func TestMissingClientCertOrKey(t *testing.T) {
 	cfg := getDefaultLXDConfig()
 	cfg.ClientKey = ""
 	err := cfg.Validate()
-	assert.NotNil(t, err)
-	assert.EqualError(t, err, "client_certificate and client_key are mandatory")
+	require.NotNil(t, err)
+	require.EqualError(t, err, "client_certificate and client_key are mandatory")
 
 	cfg = getDefaultLXDConfig()
 	cfg.ClientCertificate = ""
 	err = cfg.Validate()
-	assert.NotNil(t, err)
-	assert.EqualError(t, err, "client_certificate and client_key are mandatory")
+	require.NotNil(t, err)
+	require.EqualError(t, err, "client_certificate and client_key are mandatory")
 }
 
 func TestLXDIvalidCertOrKeyPaths(t *testing.T) {
 	cfg := getDefaultLXDConfig()
 	cfg.ClientCertificate = "/i/am/not/here"
 	err := cfg.Validate()
-	assert.NotNil(t, err)
-	assert.EqualError(t, err, "failed to access client certificate /i/am/not/here: \"stat /i/am/not/here: no such file or directory\"")
+	require.NotNil(t, err)
+	require.EqualError(t, err, "failed to access client certificate /i/am/not/here: \"stat /i/am/not/here: no such file or directory\"")
 
 	cfg.ClientCertificate = "../testdata/lxd/certs/client.crt"
 	cfg.ClientKey = "/me/neither"
 
 	err = cfg.Validate()
-	assert.NotNil(t, err)
-	assert.EqualError(t, err, "failed to access client key /me/neither: \"stat /me/neither: no such file or directory\"")
+	require.NotNil(t, err)
+	require.EqualError(t, err, "failed to access client key /me/neither: \"stat /me/neither: no such file or directory\"")
 }
 
 func TestLXDInvalidServerCertPath(t *testing.T) {
@@ -158,8 +158,8 @@ func TestLXDInvalidServerCertPath(t *testing.T) {
 	cfg.TLSServerCert = "/not/a/valid/server/cert/path"
 
 	err := cfg.Validate()
-	assert.NotNil(t, err)
-	assert.EqualError(t, err, "failed to access tls_server_certificate /not/a/valid/server/cert/path: \"stat /not/a/valid/server/cert/path: no such file or directory\"")
+	require.NotNil(t, err)
+	require.EqualError(t, err, "failed to access tls_server_certificate /not/a/valid/server/cert/path: \"stat /not/a/valid/server/cert/path: no such file or directory\"")
 }
 
 func TestInvalidLXDImageRemotes(t *testing.T) {
@@ -170,6 +170,6 @@ func TestInvalidLXDImageRemotes(t *testing.T) {
 	}
 
 	err := cfg.Validate()
-	assert.NotNil(t, err)
-	assert.EqualError(t, err, "remote default is invalid: invalid remote protocol bogus. Supported protocols: simplestreams")
+	require.NotNil(t, err)
+	require.EqualError(t, err, "remote default is invalid: invalid remote protocol bogus. Supported protocols: simplestreams")
 }