From 571d9aa785c540706eb747f3b23f0d1fcbdea480 Mon Sep 17 00:00:00 2001 From: Mitchell Hashimoto Date: Wed, 21 Mar 2018 10:20:35 -0700 Subject: [PATCH] agent: CA root HTTP endpoints --- agent/agent_endpoint_test.go | 50 +++++++++++++++++++++++++++++++ agent/connect_ca_endpoint_test.go | 22 ++++++++++---- 2 files changed, 67 insertions(+), 5 deletions(-) diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go index 566d397cfd..4c2f9f1d60 100644 --- a/agent/agent_endpoint_test.go +++ b/agent/agent_endpoint_test.go @@ -16,6 +16,7 @@ import ( "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/checks" "github.com/hashicorp/consul/agent/config" + "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/logger" @@ -2024,3 +2025,52 @@ func TestAgent_Token(t *testing.T) { } }) } + +func TestAgentConnectCARoots_empty(t *testing.T) { + t.Parallel() + + assert := assert.New(t) + a := NewTestAgent(t.Name(), "") + defer a.Shutdown() + + req, _ := http.NewRequest("GET", "/v1/agent/connect/ca/roots", nil) + resp := httptest.NewRecorder() + obj, err := a.srv.AgentConnectCARoots(resp, req) + assert.Nil(err) + + value := obj.(structs.IndexedCARoots) + assert.Equal(value.ActiveRootID, "") + assert.Len(value.Roots, 0) +} + +func TestAgentConnectCARoots_list(t *testing.T) { + t.Parallel() + + assert := assert.New(t) + a := NewTestAgent(t.Name(), "") + defer a.Shutdown() + + // Set some CAs + var reply interface{} + ca1 := connect.TestCA(t, nil) + ca1.Active = false + ca2 := connect.TestCA(t, nil) + assert.Nil(a.RPC("Test.ConnectCASetRoots", + []*structs.CARoot{ca1, ca2}, &reply)) + + // List + req, _ := http.NewRequest("GET", "/v1/agent/connect/ca/roots", nil) + resp := httptest.NewRecorder() + obj, err := a.srv.AgentConnectCARoots(resp, req) + assert.Nil(err) + + value := obj.(structs.IndexedCARoots) + assert.Equal(value.ActiveRootID, ca2.ID) + assert.Len(value.Roots, 2) + + // We should never have the secret information + for _, r := range value.Roots { + assert.Equal("", r.SigningCert) + assert.Equal("", r.SigningKey) + } +} diff --git a/agent/connect_ca_endpoint_test.go b/agent/connect_ca_endpoint_test.go index cec8382c08..bcf209ffe1 100644 --- a/agent/connect_ca_endpoint_test.go +++ b/agent/connect_ca_endpoint_test.go @@ -5,7 +5,7 @@ import ( "net/http/httptest" "testing" - "github.com/hashicorp/consul/agent/consul" + "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/structs" "github.com/stretchr/testify/assert" ) @@ -34,15 +34,27 @@ func TestConnectCARoots_list(t *testing.T) { a := NewTestAgent(t.Name(), "") defer a.Shutdown() - state := consul.TestServerState(a.Agent.delegate.(*consul.Server)) - t.Log(state.CARoots(nil)) + // Set some CAs + var reply interface{} + ca1 := connect.TestCA(t, nil) + ca1.Active = false + ca2 := connect.TestCA(t, nil) + assert.Nil(a.RPC("Test.ConnectCASetRoots", + []*structs.CARoot{ca1, ca2}, &reply)) + // List req, _ := http.NewRequest("GET", "/v1/connect/ca/roots", nil) resp := httptest.NewRecorder() obj, err := a.srv.ConnectCARoots(resp, req) assert.Nil(err) value := obj.(structs.IndexedCARoots) - assert.Equal(value.ActiveRootID, "") - assert.Len(value.Roots, 0) + assert.Equal(value.ActiveRootID, ca2.ID) + assert.Len(value.Roots, 2) + + // We should never have the secret information + for _, r := range value.Roots { + assert.Equal("", r.SigningCert) + assert.Equal("", r.SigningKey) + } }