mirror of https://github.com/hashicorp/consul
update golden file tests
NiniOak
parent
02efb3372d
commit
7045225a24
|
|
@ -1000,6 +1000,73 @@ func getAPIGatewayGoldenTestCases(t *testing.T) []goldenTestCase {
|
|||
}}, nil)
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "api-gateway-with-multiple-inline-certificates-tls-params-unset",
|
||||
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
|
||||
return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) {
|
||||
entry.Listeners = []structs.APIGatewayListener{
|
||||
{
|
||||
Name: "listener",
|
||||
Protocol: structs.ListenerProtocolTCP,
|
||||
Port: 8080,
|
||||
TLS: structs.APIGatewayTLSConfiguration{
|
||||
Certificates: []structs.ResourceReference{{
|
||||
Kind: structs.InlineCertificate,
|
||||
Name: "certificate",
|
||||
}},
|
||||
},
|
||||
},
|
||||
}
|
||||
bound.Listeners = []structs.BoundAPIGatewayListener{
|
||||
{
|
||||
Name: "listener",
|
||||
Certificates: []structs.ResourceReference{
|
||||
{
|
||||
Kind: structs.InlineCertificate,
|
||||
Name: "certificate",
|
||||
},
|
||||
{
|
||||
Kind: structs.InlineCertificate,
|
||||
Name: "certificate-too",
|
||||
},
|
||||
},
|
||||
Routes: []structs.ResourceReference{{
|
||||
Kind: structs.TCPRoute,
|
||||
Name: "route",
|
||||
}},
|
||||
},
|
||||
}
|
||||
},
|
||||
[]structs.BoundRoute{
|
||||
&structs.TCPRouteConfigEntry{
|
||||
Kind: structs.TCPRoute,
|
||||
Name: "route",
|
||||
Services: []structs.TCPService{{
|
||||
Name: "service",
|
||||
}},
|
||||
Parents: []structs.ResourceReference{
|
||||
{
|
||||
Kind: structs.APIGateway,
|
||||
Name: "api-gateway",
|
||||
},
|
||||
},
|
||||
},
|
||||
}, []structs.InlineCertificateConfigEntry{
|
||||
{
|
||||
Kind: structs.InlineCertificate,
|
||||
Name: "certificate",
|
||||
PrivateKey: gatewayTestPrivateKey,
|
||||
Certificate: gatewayTestCertificate,
|
||||
},
|
||||
{
|
||||
Kind: structs.InlineCertificate,
|
||||
Name: "certificate-too",
|
||||
PrivateKey: gatewayTestPrivateKeyTwo,
|
||||
Certificate: gatewayTestCertificateTwo,
|
||||
},
|
||||
}, nil)
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "api-gateway-with-multiple-inline-certificates",
|
||||
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
|
||||
|
|
@ -1073,6 +1140,87 @@ func getAPIGatewayGoldenTestCases(t *testing.T) []goldenTestCase {
|
|||
}, nil)
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "api-gateway-with-http-route-tls-params-unset",
|
||||
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
|
||||
return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) {
|
||||
entry.Listeners = []structs.APIGatewayListener{
|
||||
{
|
||||
Name: "listener",
|
||||
Protocol: structs.ListenerProtocolHTTP,
|
||||
Port: 8080,
|
||||
},
|
||||
}
|
||||
bound.Listeners = []structs.BoundAPIGatewayListener{
|
||||
{
|
||||
Name: "listener",
|
||||
Certificates: []structs.ResourceReference{{
|
||||
Kind: structs.InlineCertificate,
|
||||
Name: "certificate",
|
||||
}},
|
||||
Routes: []structs.ResourceReference{{
|
||||
Kind: structs.HTTPRoute,
|
||||
Name: "route",
|
||||
}},
|
||||
},
|
||||
}
|
||||
}, []structs.BoundRoute{
|
||||
&structs.HTTPRouteConfigEntry{
|
||||
Kind: structs.HTTPRoute,
|
||||
Name: "route",
|
||||
Rules: []structs.HTTPRouteRule{{
|
||||
Filters: structs.HTTPFilters{
|
||||
Headers: []structs.HTTPHeaderFilter{
|
||||
{
|
||||
Add: map[string]string{
|
||||
"X-Header-Add": "added",
|
||||
},
|
||||
Set: map[string]string{
|
||||
"X-Header-Set": "set",
|
||||
},
|
||||
Remove: []string{"X-Header-Remove"},
|
||||
},
|
||||
},
|
||||
RetryFilter: &structs.RetryFilter{
|
||||
NumRetries: 3,
|
||||
RetryOn: []string{"cancelled"},
|
||||
RetryOnStatusCodes: []uint32{500},
|
||||
RetryOnConnectFailure: true,
|
||||
},
|
||||
TimeoutFilter: &structs.TimeoutFilter{
|
||||
IdleTimeout: time.Second * 30,
|
||||
RequestTimeout: time.Second * 30,
|
||||
},
|
||||
},
|
||||
Services: []structs.HTTPService{{
|
||||
Name: "service",
|
||||
}},
|
||||
}},
|
||||
Parents: []structs.ResourceReference{
|
||||
{
|
||||
Kind: structs.APIGateway,
|
||||
Name: "api-gateway",
|
||||
},
|
||||
},
|
||||
},
|
||||
}, []structs.InlineCertificateConfigEntry{{
|
||||
Kind: structs.InlineCertificate,
|
||||
Name: "certificate",
|
||||
PrivateKey: gatewayTestPrivateKey,
|
||||
Certificate: gatewayTestCertificate,
|
||||
}}, []proxycfg.UpdateEvent{{
|
||||
CorrelationID: "discovery-chain:" + serviceUID.String(),
|
||||
Result: &structs.DiscoveryChainResponse{
|
||||
Chain: serviceChain,
|
||||
},
|
||||
}, {
|
||||
CorrelationID: "upstream-target:" + serviceChain.ID() + ":" + serviceUID.String(),
|
||||
Result: &structs.IndexedCheckServiceNodes{
|
||||
Nodes: proxycfg.TestUpstreamNodes(t, "service"),
|
||||
},
|
||||
}})
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "api-gateway-with-http-route",
|
||||
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
|
||||
|
|
@ -1082,6 +1230,18 @@ func getAPIGatewayGoldenTestCases(t *testing.T) []goldenTestCase {
|
|||
Name: "listener",
|
||||
Protocol: structs.ListenerProtocolHTTP,
|
||||
Port: 8080,
|
||||
TLS: structs.APIGatewayTLSConfiguration{
|
||||
Certificates: []structs.ResourceReference{{
|
||||
Kind: structs.InlineCertificate,
|
||||
Name: "certificate",
|
||||
}},
|
||||
MinVersion: types.TLSv1_2,
|
||||
MaxVersion: types.TLSv1_3,
|
||||
CipherSuites: []types.TLSCipherSuite{
|
||||
types.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
types.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
bound.Listeners = []structs.BoundAPIGatewayListener{
|
||||
|
|
|
|||
|
|
@ -61,7 +61,14 @@
|
|||
}
|
||||
}
|
||||
],
|
||||
"tlsParams": {}
|
||||
"tlsParams": {
|
||||
"cipherSuites": [
|
||||
"ECDHE-ECDSA-AES256-GCM-SHA384",
|
||||
"ECDHE-RSA-CHACHA20-POLY1305"
|
||||
],
|
||||
"tlsMaximumProtocolVersion": "TLSv1_3",
|
||||
"tlsMinimumProtocolVersion": "TLSv1_2"
|
||||
}
|
||||
},
|
||||
"requireClientCertificate": false
|
||||
}
|
||||
|
|
|
|||
|
|
@ -41,7 +41,14 @@
|
|||
}
|
||||
}
|
||||
],
|
||||
"tlsParams": {}
|
||||
"tlsParams": {
|
||||
"cipherSuites": [
|
||||
"ECDHE-ECDSA-AES256-GCM-SHA384",
|
||||
"ECDHE-RSA-CHACHA20-POLY1305"
|
||||
],
|
||||
"tlsMaximumProtocolVersion": "TLSv1_3",
|
||||
"tlsMinimumProtocolVersion": "TLSv1_2"
|
||||
}
|
||||
},
|
||||
"requireClientCertificate": false
|
||||
}
|
||||
|
|
@ -73,7 +80,14 @@
|
|||
}
|
||||
}
|
||||
],
|
||||
"tlsParams": {},
|
||||
"tlsParams": {
|
||||
"cipherSuites": [
|
||||
"ECDHE-ECDSA-AES256-GCM-SHA384",
|
||||
"ECDHE-RSA-CHACHA20-POLY1305"
|
||||
],
|
||||
"tlsMaximumProtocolVersion": "TLSv1_3",
|
||||
"tlsMinimumProtocolVersion": "TLSv1_2"
|
||||
},
|
||||
"validationContext": {
|
||||
"trustedCa": {
|
||||
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
|
||||
|
|
|
|||
Loading…
Reference in New Issue