From 983ee82c98570069f94287d11494cfb26aac90fc Mon Sep 17 00:00:00 2001
From: eval-exec <execvy@gmail.com>
Date: Sun, 20 Mar 2022 09:38:24 +0800
Subject: [PATCH] add test for transport/tls.go:ValidateSecureEndpoints()

---
 client/pkg/transport/tls_test.go | 36 ++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 client/pkg/transport/tls_test.go

diff --git a/client/pkg/transport/tls_test.go b/client/pkg/transport/tls_test.go
new file mode 100644
index 000000000..4e7b4a21b
--- /dev/null
+++ b/client/pkg/transport/tls_test.go
@@ -0,0 +1,36 @@
+package transport
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+)
+
+func TestValidateSecureEndpoints(t *testing.T) {
+	tlsInfo, err := createSelfCert(t)
+	if err != nil {
+		t.Fatalf("unable to create cert: %v", err)
+	}
+
+	remoteAddr := func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte(r.RemoteAddr))
+	}
+	srv := httptest.NewServer(http.HandlerFunc(remoteAddr))
+	defer srv.Close()
+
+	insecureEps := []string{
+		"http://" + srv.Listener.Addr().String(),
+		"invalid remote address",
+	}
+	if _, err := ValidateSecureEndpoints(*tlsInfo, insecureEps); err == nil || !strings.Contains(err.Error(), "is insecure") {
+		t.Error("validate secure endpoints should fail")
+	}
+
+	secureEps := []string{
+		"https://" + srv.Listener.Addr().String(),
+	}
+	if _, err := ValidateSecureEndpoints(*tlsInfo, secureEps); err != nil {
+		t.Error("validate secure endpoints should succeed")
+	}
+}