|
|
|
@ -36,7 +36,7 @@ func TestClientForwardToServer(t *testing.T) {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
type testCase struct {
|
|
|
|
type testCase struct {
|
|
|
|
description string
|
|
|
|
description string
|
|
|
|
operations []operation
|
|
|
|
operation operation
|
|
|
|
aclEnabled bool
|
|
|
|
aclEnabled bool
|
|
|
|
tlsEnabled bool
|
|
|
|
tlsEnabled bool
|
|
|
|
verifyIncoming bool
|
|
|
|
verifyIncoming bool
|
|
|
|
@ -45,68 +45,58 @@ func TestClientForwardToServer(t *testing.T) {
|
|
|
|
testCases := []testCase{
|
|
|
|
testCases := []testCase{
|
|
|
|
{
|
|
|
|
{
|
|
|
|
description: "The apply request should be forwarded to consul server agent",
|
|
|
|
description: "The apply request should be forwarded to consul server agent",
|
|
|
|
operations: []operation{
|
|
|
|
operation: operation{
|
|
|
|
{
|
|
|
|
|
|
|
|
action: applyResource,
|
|
|
|
action: applyResource,
|
|
|
|
includeToken: false,
|
|
|
|
includeToken: false,
|
|
|
|
expectedCode: 0,
|
|
|
|
expectedCode: 0,
|
|
|
|
expectedMsg: "demo.v2.Artist 'korn' created.",
|
|
|
|
expectedMsg: "demo.v2.Artist 'korn' created.",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
|
|
|
|
aclEnabled: false,
|
|
|
|
aclEnabled: false,
|
|
|
|
tlsEnabled: false,
|
|
|
|
tlsEnabled: false,
|
|
|
|
verifyIncoming: false,
|
|
|
|
verifyIncoming: false,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
{
|
|
|
|
description: "The apply request should be denied if missing token when ACL is enabled",
|
|
|
|
description: "The apply request should be denied if missing token when ACL is enabled",
|
|
|
|
operations: []operation{
|
|
|
|
operation: operation{
|
|
|
|
{
|
|
|
|
|
|
|
|
action: applyResource,
|
|
|
|
action: applyResource,
|
|
|
|
includeToken: false,
|
|
|
|
includeToken: false,
|
|
|
|
expectedCode: 1,
|
|
|
|
expectedCode: 1,
|
|
|
|
expectedMsg: "failed getting authorizer: ACL not found",
|
|
|
|
expectedMsg: "failed getting authorizer: ACL not found",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
|
|
|
|
aclEnabled: true,
|
|
|
|
aclEnabled: true,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
{
|
|
|
|
description: "The apply request should be allowed if providing token when ACL is enabled",
|
|
|
|
description: "The apply request should be allowed if providing token when ACL is enabled",
|
|
|
|
operations: []operation{
|
|
|
|
operation: operation{
|
|
|
|
{
|
|
|
|
|
|
|
|
action: applyResource,
|
|
|
|
action: applyResource,
|
|
|
|
includeToken: true,
|
|
|
|
includeToken: true,
|
|
|
|
expectedCode: 0,
|
|
|
|
expectedCode: 0,
|
|
|
|
expectedMsg: "demo.v2.Artist 'korn' created.",
|
|
|
|
expectedMsg: "demo.v2.Artist 'korn' created.",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
|
|
|
|
aclEnabled: true,
|
|
|
|
aclEnabled: true,
|
|
|
|
tlsEnabled: false,
|
|
|
|
tlsEnabled: false,
|
|
|
|
verifyIncoming: false,
|
|
|
|
verifyIncoming: false,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
{
|
|
|
|
description: "The apply request should be forwarded to consul server agent when server is in TLS mode",
|
|
|
|
description: "The apply request should be forwarded to consul server agent when server is in TLS mode",
|
|
|
|
operations: []operation{
|
|
|
|
operation: operation{
|
|
|
|
{
|
|
|
|
|
|
|
|
action: applyResource,
|
|
|
|
action: applyResource,
|
|
|
|
includeToken: false,
|
|
|
|
includeToken: false,
|
|
|
|
expectedCode: 0,
|
|
|
|
expectedCode: 0,
|
|
|
|
expectedMsg: "demo.v2.Artist 'korn' created.",
|
|
|
|
expectedMsg: "demo.v2.Artist 'korn' created.",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
|
|
|
|
aclEnabled: false,
|
|
|
|
aclEnabled: false,
|
|
|
|
tlsEnabled: true,
|
|
|
|
tlsEnabled: true,
|
|
|
|
verifyIncoming: false,
|
|
|
|
verifyIncoming: false,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
{
|
|
|
|
description: "The apply request should be forwarded to consul server agent when server and client are in TLS mode",
|
|
|
|
description: "The apply request should be forwarded to consul server agent when server and client are in TLS mode",
|
|
|
|
operations: []operation{
|
|
|
|
operation: operation{
|
|
|
|
{
|
|
|
|
|
|
|
|
action: applyResource,
|
|
|
|
action: applyResource,
|
|
|
|
includeToken: false,
|
|
|
|
includeToken: false,
|
|
|
|
expectedCode: 0,
|
|
|
|
expectedCode: 0,
|
|
|
|
expectedMsg: "demo.v2.Artist 'korn' created.",
|
|
|
|
expectedMsg: "demo.v2.Artist 'korn' created.",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
|
|
|
|
aclEnabled: false,
|
|
|
|
aclEnabled: false,
|
|
|
|
tlsEnabled: true,
|
|
|
|
tlsEnabled: true,
|
|
|
|
verifyIncoming: true,
|
|
|
|
verifyIncoming: true,
|
|
|
|
@ -123,15 +113,13 @@ func TestClientForwardToServer(t *testing.T) {
|
|
|
|
defer terminate(t, cluster)
|
|
|
|
defer terminate(t, cluster)
|
|
|
|
|
|
|
|
|
|
|
|
// perform actions and validate returned messages
|
|
|
|
// perform actions and validate returned messages
|
|
|
|
for _, op := range tc.operations {
|
|
|
|
|
|
|
|
token := ""
|
|
|
|
token := ""
|
|
|
|
if op.includeToken {
|
|
|
|
if tc.operation.includeToken {
|
|
|
|
token = cluster.TokenBootstrap
|
|
|
|
token = cluster.TokenBootstrap
|
|
|
|
}
|
|
|
|
}
|
|
|
|
code, res := op.action(t, clientAgent, token, tc.verifyIncoming)
|
|
|
|
code, res := tc.operation.action(t, clientAgent, token, tc.verifyIncoming)
|
|
|
|
require.Equal(t, op.expectedCode, code)
|
|
|
|
require.Equal(t, tc.operation.expectedCode, code)
|
|
|
|
require.Contains(t, res, op.expectedMsg)
|
|
|
|
require.Contains(t, res, tc.operation.expectedMsg)
|
|
|
|
}
|
|
|
|
|
|
|
|
})
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
Xinyi Wang
10 months ago