github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9450 Commits
1702 Branches
457 Tags
697 MiB
Tree: 46de2c5504
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '46de2c5504'
${ noResults }
consul/agent/connect_ca_endpoint_test.go

122 lines
3.0 KiB
Raw Normal View History Unescape

agent/consul: tests for CA endpoints
7 years ago
package agent
import (
Add test for ca config http endpoint
7 years ago
"bytes"
agent/consul: tests for CA endpoints
7 years ago
"net/http"
"net/http/httptest"
"testing"
revert go changes to hide rotation config
7 years ago
"time"
agent/consul: tests for CA endpoints
7 years ago
Fix unstable tests in agent, api, and command/watch
6 years ago
"github.com/hashicorp/consul/testrpc"
Fixes #4421: General solution to stop blocking queries with index 0 (#4437) * Fix theoretical cache collision bug if/when we use more cache types with same result type * Generalized fix for blocking query handling when state store methods return zero index * Refactor test retry to only affect CI * Undo make file merge * Add hint to error message returned to end-user requests if Connect is not enabled when they try to request cert * Explicit error for Roots endpoint if connect is disabled * Fix tests that were asserting old behaviour
6 years ago
"github.com/stretchr/testify/require"
agent: CA root HTTP endpoints
7 years ago
"github.com/hashicorp/consul/agent/connect"
Rename some of the CA structs/files
7 years ago
ca "github.com/hashicorp/consul/agent/connect/ca"
agent/consul: tests for CA endpoints
7 years ago
"github.com/hashicorp/consul/agent/structs"
"github.com/stretchr/testify/assert"
)
func TestConnectCARoots_empty(t *testing.T) {
t.Parallel()
Fixes #4421: General solution to stop blocking queries with index 0 (#4437) * Fix theoretical cache collision bug if/when we use more cache types with same result type * Generalized fix for blocking query handling when state store methods return zero index * Refactor test retry to only affect CI * Undo make file merge * Add hint to error message returned to end-user requests if Connect is not enabled when they try to request cert * Explicit error for Roots endpoint if connect is disabled * Fix tests that were asserting old behaviour
6 years ago
require := require.New(t)
Wire up agent leaf endpoint to cache framework to support blocking.
7 years ago
a := NewTestAgent(t.Name(), "connect { enabled = false }")
agent/consul: tests for CA endpoints
7 years ago
defer a.Shutdown()
Fix more unstable tests in agent and command
6 years ago
testrpc.WaitForTestAgent(t, a.RPC, "dc1")
agent/consul: tests for CA endpoints
7 years ago
req, _ := http.NewRequest("GET", "/v1/connect/ca/roots", nil)
resp := httptest.NewRecorder()
Fixes #4421: General solution to stop blocking queries with index 0 (#4437) * Fix theoretical cache collision bug if/when we use more cache types with same result type * Generalized fix for blocking query handling when state store methods return zero index * Refactor test retry to only affect CI * Undo make file merge * Add hint to error message returned to end-user requests if Connect is not enabled when they try to request cert * Explicit error for Roots endpoint if connect is disabled * Fix tests that were asserting old behaviour
6 years ago
_, err := a.srv.ConnectCARoots(resp, req)
require.Error(err)
require.Contains(err.Error(), "Connect must be enabled")
agent/consul: tests for CA endpoints
7 years ago
}
agent/consul: CAS operations for setting the CA root
7 years ago
func TestConnectCARoots_list(t *testing.T) {
t.Parallel()
assert := assert.New(t)
a := NewTestAgent(t.Name(), "")
defer a.Shutdown()
Fix unstable tests in agent, api, and command/watch
6 years ago
testrpc.WaitForTestAgent(t, a.RPC, "dc1")
agent/consul: CAS operations for setting the CA root
7 years ago
Wire up agent leaf endpoint to cache framework to support blocking.
7 years ago
// Set some CAs. Note that NewTestAgent already bootstraps one CA so this just
// adds a second and makes it active.
ca2 := connect.TestCAConfigSet(t, a, nil)
agent/consul: CAS operations for setting the CA root
7 years ago
agent: CA root HTTP endpoints
7 years ago
// List
agent/consul: CAS operations for setting the CA root
7 years ago
req, _ := http.NewRequest("GET", "/v1/connect/ca/roots", nil)
resp := httptest.NewRecorder()
obj, err := a.srv.ConnectCARoots(resp, req)
Add test for ca config http endpoint
7 years ago
assert.NoError(err)
agent/consul: CAS operations for setting the CA root
7 years ago
value := obj.(structs.IndexedCARoots)
agent: CA root HTTP endpoints
7 years ago
assert.Equal(value.ActiveRootID, ca2.ID)
assert.Len(value.Roots, 2)
// We should never have the secret information
for _, r := range value.Roots {
assert.Equal("", r.SigningCert)
assert.Equal("", r.SigningKey)
}
agent/consul: CAS operations for setting the CA root
7 years ago
}
Add test for ca config http endpoint
7 years ago
func TestConnectCAConfig(t *testing.T) {
t.Parallel()
assert := assert.New(t)
a := NewTestAgent(t.Name(), "")
defer a.Shutdown()
Fix more unstable tests in agent and command
6 years ago
testrpc.WaitForTestAgent(t, a.RPC, "dc1")
Add test for ca config http endpoint
7 years ago
revert go changes to hide rotation config
7 years ago
expected := &structs.ConsulCAProviderConfig{
RotationPeriod: 90 * 24 * time.Hour,
}
connect/ca: add configurable leaf cert TTL
6 years ago
expected.LeafCertTTL = 72 * time.Hour
Add test for ca config http endpoint
7 years ago
// Get the initial config.
{
req, _ := http.NewRequest("GET", "/v1/connect/ca/configuration", nil)
resp := httptest.NewRecorder()
obj, err := a.srv.ConnectCAConfiguration(resp, req)
assert.NoError(err)
value := obj.(structs.CAConfiguration)
Rename some of the CA structs/files
7 years ago
parsed, err := ca.ParseConsulCAConfig(value.Config)
Add test for ca config http endpoint
7 years ago
assert.NoError(err)
assert.Equal("consul", value.Provider)
assert.Equal(expected, parsed)
}
// Set the config.
{
revert go changes to hide rotation config
7 years ago
body := bytes.NewBuffer([]byte(`
{
"Provider": "consul",
"Config": {
connect/ca: add configurable leaf cert TTL
6 years ago
"LeafCertTTL": "72h",
"RotationPeriod": "1h"
revert go changes to hide rotation config
7 years ago
}
}`))
Add test for ca config http endpoint
7 years ago
req, _ := http.NewRequest("PUT", "/v1/connect/ca/configuration", body)
resp := httptest.NewRecorder()
_, err := a.srv.ConnectCAConfiguration(resp, req)
assert.NoError(err)
}
// The config should be updated now.
{
revert go changes to hide rotation config
7 years ago
expected.RotationPeriod = time.Hour
Add test for ca config http endpoint
7 years ago
req, _ := http.NewRequest("GET", "/v1/connect/ca/configuration", nil)
resp := httptest.NewRecorder()
obj, err := a.srv.ConnectCAConfiguration(resp, req)
assert.NoError(err)
value := obj.(structs.CAConfiguration)
Rename some of the CA structs/files
7 years ago
parsed, err := ca.ParseConsulCAConfig(value.Config)
Add test for ca config http endpoint
7 years ago
assert.NoError(err)
assert.Equal("consul", value.Provider)
assert.Equal(expected, parsed)
}
}