mirror of https://github.com/hashicorp/consul
agent: CA root HTTP endpoints
parent
e40afd6a73
commit
571d9aa785
|
@ -16,6 +16,7 @@ import (
|
||||||
"github.com/hashicorp/consul/acl"
|
"github.com/hashicorp/consul/acl"
|
||||||
"github.com/hashicorp/consul/agent/checks"
|
"github.com/hashicorp/consul/agent/checks"
|
||||||
"github.com/hashicorp/consul/agent/config"
|
"github.com/hashicorp/consul/agent/config"
|
||||||
|
"github.com/hashicorp/consul/agent/connect"
|
||||||
"github.com/hashicorp/consul/agent/structs"
|
"github.com/hashicorp/consul/agent/structs"
|
||||||
"github.com/hashicorp/consul/api"
|
"github.com/hashicorp/consul/api"
|
||||||
"github.com/hashicorp/consul/logger"
|
"github.com/hashicorp/consul/logger"
|
||||||
|
@ -2024,3 +2025,52 @@ func TestAgent_Token(t *testing.T) {
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestAgentConnectCARoots_empty(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
assert := assert.New(t)
|
||||||
|
a := NewTestAgent(t.Name(), "")
|
||||||
|
defer a.Shutdown()
|
||||||
|
|
||||||
|
req, _ := http.NewRequest("GET", "/v1/agent/connect/ca/roots", nil)
|
||||||
|
resp := httptest.NewRecorder()
|
||||||
|
obj, err := a.srv.AgentConnectCARoots(resp, req)
|
||||||
|
assert.Nil(err)
|
||||||
|
|
||||||
|
value := obj.(structs.IndexedCARoots)
|
||||||
|
assert.Equal(value.ActiveRootID, "")
|
||||||
|
assert.Len(value.Roots, 0)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestAgentConnectCARoots_list(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
assert := assert.New(t)
|
||||||
|
a := NewTestAgent(t.Name(), "")
|
||||||
|
defer a.Shutdown()
|
||||||
|
|
||||||
|
// Set some CAs
|
||||||
|
var reply interface{}
|
||||||
|
ca1 := connect.TestCA(t, nil)
|
||||||
|
ca1.Active = false
|
||||||
|
ca2 := connect.TestCA(t, nil)
|
||||||
|
assert.Nil(a.RPC("Test.ConnectCASetRoots",
|
||||||
|
[]*structs.CARoot{ca1, ca2}, &reply))
|
||||||
|
|
||||||
|
// List
|
||||||
|
req, _ := http.NewRequest("GET", "/v1/agent/connect/ca/roots", nil)
|
||||||
|
resp := httptest.NewRecorder()
|
||||||
|
obj, err := a.srv.AgentConnectCARoots(resp, req)
|
||||||
|
assert.Nil(err)
|
||||||
|
|
||||||
|
value := obj.(structs.IndexedCARoots)
|
||||||
|
assert.Equal(value.ActiveRootID, ca2.ID)
|
||||||
|
assert.Len(value.Roots, 2)
|
||||||
|
|
||||||
|
// We should never have the secret information
|
||||||
|
for _, r := range value.Roots {
|
||||||
|
assert.Equal("", r.SigningCert)
|
||||||
|
assert.Equal("", r.SigningKey)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -5,7 +5,7 @@ import (
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/hashicorp/consul/agent/consul"
|
"github.com/hashicorp/consul/agent/connect"
|
||||||
"github.com/hashicorp/consul/agent/structs"
|
"github.com/hashicorp/consul/agent/structs"
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
)
|
)
|
||||||
|
@ -34,15 +34,27 @@ func TestConnectCARoots_list(t *testing.T) {
|
||||||
a := NewTestAgent(t.Name(), "")
|
a := NewTestAgent(t.Name(), "")
|
||||||
defer a.Shutdown()
|
defer a.Shutdown()
|
||||||
|
|
||||||
state := consul.TestServerState(a.Agent.delegate.(*consul.Server))
|
// Set some CAs
|
||||||
t.Log(state.CARoots(nil))
|
var reply interface{}
|
||||||
|
ca1 := connect.TestCA(t, nil)
|
||||||
|
ca1.Active = false
|
||||||
|
ca2 := connect.TestCA(t, nil)
|
||||||
|
assert.Nil(a.RPC("Test.ConnectCASetRoots",
|
||||||
|
[]*structs.CARoot{ca1, ca2}, &reply))
|
||||||
|
|
||||||
|
// List
|
||||||
req, _ := http.NewRequest("GET", "/v1/connect/ca/roots", nil)
|
req, _ := http.NewRequest("GET", "/v1/connect/ca/roots", nil)
|
||||||
resp := httptest.NewRecorder()
|
resp := httptest.NewRecorder()
|
||||||
obj, err := a.srv.ConnectCARoots(resp, req)
|
obj, err := a.srv.ConnectCARoots(resp, req)
|
||||||
assert.Nil(err)
|
assert.Nil(err)
|
||||||
|
|
||||||
value := obj.(structs.IndexedCARoots)
|
value := obj.(structs.IndexedCARoots)
|
||||||
assert.Equal(value.ActiveRootID, "")
|
assert.Equal(value.ActiveRootID, ca2.ID)
|
||||||
assert.Len(value.Roots, 0)
|
assert.Len(value.Roots, 2)
|
||||||
|
|
||||||
|
// We should never have the secret information
|
||||||
|
for _, r := range value.Roots {
|
||||||
|
assert.Equal("", r.SigningCert)
|
||||||
|
assert.Equal("", r.SigningKey)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue