mirror of https://github.com/hashicorp/consul
chore(test): Update bats version
parent
147fd96d97
commit
817449041d
|
@ -207,13 +207,6 @@ func (e *ServiceConfigEntry) Validate() error {
|
||||||
if e.Endpoint.Port < 1 || e.Endpoint.Port > 65535 {
|
if e.Endpoint.Port < 1 || e.Endpoint.Port > 65535 {
|
||||||
validationErr = multierror.Append(validationErr, fmt.Errorf("Invalid Port number %d", e.Endpoint.Port))
|
validationErr = multierror.Append(validationErr, fmt.Errorf("Invalid Port number %d", e.Endpoint.Port))
|
||||||
}
|
}
|
||||||
|
|
||||||
// If either client cert config file was specified then the CA file, client cert, and key file must be specified
|
|
||||||
// Specifying only a CAFile is allowed for one-way TLS
|
|
||||||
if (e.Endpoint.CertFile != "" || e.Endpoint.KeyFile != "") &&
|
|
||||||
!(e.Endpoint.CAFile != "" && e.Endpoint.CertFile != "" && e.Endpoint.KeyFile != "") {
|
|
||||||
validationErr = multierror.Append(validationErr, errors.New("Endpoint must have a CertFile, CAFile, and KeyFile specified for TLS origination"))
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return validationErr
|
return validationErr
|
||||||
|
@ -238,22 +231,6 @@ func validateEndpointAddress(address string) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e *ServiceConfigEntry) Warnings() []string {
|
|
||||||
if e == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
warnings := make([]string, 0)
|
|
||||||
|
|
||||||
if e.Endpoint != nil {
|
|
||||||
if (e.Endpoint.CAFile != "" || e.Endpoint.CertFile != "" || e.Endpoint.KeyFile != "") && e.Endpoint.SNI == "" {
|
|
||||||
warning := fmt.Sprintf("TLS is configured but SNI is not set for the endpoint. Enabling SNI is strongly recommended when using TLS.")
|
|
||||||
warnings = append(warnings, warning)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return warnings
|
|
||||||
}
|
|
||||||
|
|
||||||
func (e *ServiceConfigEntry) CanRead(authz acl.Authorizer) error {
|
func (e *ServiceConfigEntry) CanRead(authz acl.Authorizer) error {
|
||||||
var authzContext acl.AuthorizerContext
|
var authzContext acl.AuthorizerContext
|
||||||
e.FillAuthzContext(&authzContext)
|
e.FillAuthzContext(&authzContext)
|
||||||
|
@ -321,21 +298,6 @@ type EndpointConfig struct {
|
||||||
|
|
||||||
// Port allowed within this endpoint
|
// Port allowed within this endpoint
|
||||||
Port int `json:",omitempty"`
|
Port int `json:",omitempty"`
|
||||||
|
|
||||||
// CAFile is the optional path to a CA certificate to use for TLS connections
|
|
||||||
// from the gateway to the linked service
|
|
||||||
CAFile string `json:",omitempty" alias:"ca_file"`
|
|
||||||
|
|
||||||
// CertFile is the optional path to a client certificate to use for TLS connections
|
|
||||||
// from the gateway to the linked service
|
|
||||||
CertFile string `json:",omitempty" alias:"cert_file"`
|
|
||||||
|
|
||||||
// KeyFile is the optional path to a private key to use for TLS connections
|
|
||||||
// from the gateway to the linked service
|
|
||||||
KeyFile string `json:",omitempty" alias:"key_file"`
|
|
||||||
|
|
||||||
// SNI is the optional name to specify during the TLS handshake with a linked service.
|
|
||||||
SNI string `json:",omitempty"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// ProxyConfigEntry is the top-level struct for global proxy configuration defaults.
|
// ProxyConfigEntry is the top-level struct for global proxy configuration defaults.
|
||||||
|
|
|
@ -436,10 +436,6 @@ func TestDecodeConfigEntry(t *testing.T) {
|
||||||
endpoint {
|
endpoint {
|
||||||
address = "1.2.3.4/24"
|
address = "1.2.3.4/24"
|
||||||
port = 8080
|
port = 8080
|
||||||
ca_file = "ca.pem"
|
|
||||||
cert_file = "cert.pem"
|
|
||||||
key_file = "key.pem"
|
|
||||||
sni = "external.com"
|
|
||||||
}
|
}
|
||||||
`,
|
`,
|
||||||
camel: `
|
camel: `
|
||||||
|
@ -449,10 +445,6 @@ func TestDecodeConfigEntry(t *testing.T) {
|
||||||
Endpoint {
|
Endpoint {
|
||||||
Address = "1.2.3.4/24"
|
Address = "1.2.3.4/24"
|
||||||
Port = 8080
|
Port = 8080
|
||||||
CAFile = "ca.pem"
|
|
||||||
CertFile = "cert.pem"
|
|
||||||
KeyFile = "key.pem"
|
|
||||||
SNI = "external.com"
|
|
||||||
}
|
}
|
||||||
`,
|
`,
|
||||||
expect: &ServiceConfigEntry{
|
expect: &ServiceConfigEntry{
|
||||||
|
@ -460,12 +452,8 @@ func TestDecodeConfigEntry(t *testing.T) {
|
||||||
Name: "external",
|
Name: "external",
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
Endpoint: &EndpointConfig{
|
Endpoint: &EndpointConfig{
|
||||||
Address: "1.2.3.4/24",
|
Address: "1.2.3.4/24",
|
||||||
Port: 8080,
|
Port: 8080,
|
||||||
CAFile: "ca.pem",
|
|
||||||
CertFile: "cert.pem",
|
|
||||||
KeyFile: "key.pem",
|
|
||||||
SNI: "external.com",
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2511,82 +2499,6 @@ func TestServiceConfigEntry(t *testing.T) {
|
||||||
},
|
},
|
||||||
validateErr: "Invalid Port number",
|
validateErr: "Invalid Port number",
|
||||||
},
|
},
|
||||||
"validate: not all TLS options provided-1": {
|
|
||||||
entry: &ServiceConfigEntry{
|
|
||||||
Kind: ServiceDefaults,
|
|
||||||
Name: "external",
|
|
||||||
Protocol: "tcp",
|
|
||||||
Endpoint: &EndpointConfig{
|
|
||||||
Address: "2001:db8::8a2e:370:7334/64",
|
|
||||||
Port: 443,
|
|
||||||
CertFile: "client.crt",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
validateErr: "must have a CertFile, CAFile, and KeyFile",
|
|
||||||
},
|
|
||||||
"validate: not all TLS options provided-2": {
|
|
||||||
entry: &ServiceConfigEntry{
|
|
||||||
Kind: ServiceDefaults,
|
|
||||||
Name: "external",
|
|
||||||
Protocol: "tcp",
|
|
||||||
Endpoint: &EndpointConfig{
|
|
||||||
Address: "2001:db8::8a2e:370:7334/64",
|
|
||||||
Port: 443,
|
|
||||||
KeyFile: "tls.key",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
validateErr: "must have a CertFile, CAFile, and KeyFile",
|
|
||||||
},
|
|
||||||
"validate: all TLS options provided": {
|
|
||||||
entry: &ServiceConfigEntry{
|
|
||||||
Kind: ServiceDefaults,
|
|
||||||
Name: "external",
|
|
||||||
Protocol: "tcp",
|
|
||||||
Endpoint: &EndpointConfig{
|
|
||||||
Address: "2001:db8::8a2e:370:7334/64",
|
|
||||||
Port: 443,
|
|
||||||
CAFile: "ca.crt",
|
|
||||||
CertFile: "client.crt",
|
|
||||||
KeyFile: "tls.key",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
"validate: only providing ca file is allowed": {
|
|
||||||
entry: &ServiceConfigEntry{
|
|
||||||
Kind: ServiceDefaults,
|
|
||||||
Name: "external",
|
|
||||||
Protocol: "tcp",
|
|
||||||
Endpoint: &EndpointConfig{
|
|
||||||
Address: "2001:db8::8a2e:370:7334/64",
|
|
||||||
Port: 443,
|
|
||||||
CAFile: "ca.crt",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
"validate: wildcard is allowed for hostname": {
|
|
||||||
entry: &ServiceConfigEntry{
|
|
||||||
Kind: ServiceDefaults,
|
|
||||||
Name: "external",
|
|
||||||
Protocol: "tcp",
|
|
||||||
Endpoint: &EndpointConfig{
|
|
||||||
Address: "*.external.com",
|
|
||||||
Port: 443,
|
|
||||||
CAFile: "ca.crt",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
"validate: hostname": {
|
|
||||||
entry: &ServiceConfigEntry{
|
|
||||||
Kind: ServiceDefaults,
|
|
||||||
Name: "external",
|
|
||||||
Protocol: "tcp",
|
|
||||||
Endpoint: &EndpointConfig{
|
|
||||||
Address: "api.external.com",
|
|
||||||
Port: 443,
|
|
||||||
CAFile: "ca.crt",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
"validate: invalid hostname 1": {
|
"validate: invalid hostname 1": {
|
||||||
entry: &ServiceConfigEntry{
|
entry: &ServiceConfigEntry{
|
||||||
Kind: ServiceDefaults,
|
Kind: ServiceDefaults,
|
||||||
|
|
|
@ -186,21 +186,6 @@ type EndpointConfig struct {
|
||||||
|
|
||||||
// Port allowed within this endpoint
|
// Port allowed within this endpoint
|
||||||
Port int `json:",omitempty"`
|
Port int `json:",omitempty"`
|
||||||
|
|
||||||
// CAFile is the optional path to a CA certificate to use for TLS connections
|
|
||||||
// from the gateway to the linked service
|
|
||||||
CAFile string `json:",omitempty" alias:"ca_file"`
|
|
||||||
|
|
||||||
// CertFile is the optional path to a client certificate to use for TLS connections
|
|
||||||
// from the gateway to the linked service
|
|
||||||
CertFile string `json:",omitempty" alias:"cert_file"`
|
|
||||||
|
|
||||||
// KeyFile is the optional path to a private key to use for TLS connections
|
|
||||||
// from the gateway to the linked service
|
|
||||||
KeyFile string `json:",omitempty" alias:"key_file"`
|
|
||||||
|
|
||||||
// SNI is the optional name to specify during the TLS handshake with a linked service.
|
|
||||||
SNI string `json:",omitempty"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type PassiveHealthCheck struct {
|
type PassiveHealthCheck struct {
|
||||||
|
|
|
@ -532,11 +532,7 @@ func TestDecodeConfigEntry(t *testing.T) {
|
||||||
"Protocol": "http",
|
"Protocol": "http",
|
||||||
"Endpoint": {
|
"Endpoint": {
|
||||||
"Address": "1.2.3.4/24",
|
"Address": "1.2.3.4/24",
|
||||||
"Port": 443,
|
"Port": 443
|
||||||
"CAFile": "ca.pem",
|
|
||||||
"CertFile": "crt.pem",
|
|
||||||
"KeyFile": "key.pem",
|
|
||||||
"SNI": "external.com"
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
`,
|
`,
|
||||||
|
@ -545,12 +541,8 @@ func TestDecodeConfigEntry(t *testing.T) {
|
||||||
Name: "external",
|
Name: "external",
|
||||||
Protocol: "http",
|
Protocol: "http",
|
||||||
Endpoint: &EndpointConfig{
|
Endpoint: &EndpointConfig{
|
||||||
Address: "1.2.3.4/24",
|
Address: "1.2.3.4/24",
|
||||||
Port: 443,
|
Port: 443,
|
||||||
CAFile: "ca.pem",
|
|
||||||
CertFile: "crt.pem",
|
|
||||||
KeyFile: "key.pem",
|
|
||||||
SNI: "external.com",
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -491,7 +491,7 @@ func TestParseConfigEntry(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "service-defaults: kitchen sink",
|
name: "service-defaults: kitchen sink (upstreams edition)",
|
||||||
snake: `
|
snake: `
|
||||||
kind = "service-defaults"
|
kind = "service-defaults"
|
||||||
name = "main"
|
name = "main"
|
||||||
|
@ -792,6 +792,118 @@ func TestParseConfigEntry(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "service-defaults: kitchen sink (endpoint edition)",
|
||||||
|
snake: `
|
||||||
|
kind = "service-defaults"
|
||||||
|
name = "main"
|
||||||
|
meta {
|
||||||
|
"foo" = "bar"
|
||||||
|
"gir" = "zim"
|
||||||
|
}
|
||||||
|
protocol = "grpc"
|
||||||
|
mesh_gateway {
|
||||||
|
mode = "remote"
|
||||||
|
}
|
||||||
|
mode = "transparent"
|
||||||
|
transparent_proxy = {
|
||||||
|
outbound_listener_port = 10101
|
||||||
|
dialed_directly = true
|
||||||
|
}
|
||||||
|
endpoint = {
|
||||||
|
address = "10.0.0.0/16",
|
||||||
|
port = 443
|
||||||
|
}
|
||||||
|
`,
|
||||||
|
camel: `
|
||||||
|
Kind = "service-defaults"
|
||||||
|
Name = "main"
|
||||||
|
Meta {
|
||||||
|
"foo" = "bar"
|
||||||
|
"gir" = "zim"
|
||||||
|
}
|
||||||
|
Protocol = "grpc"
|
||||||
|
MeshGateway {
|
||||||
|
Mode = "remote"
|
||||||
|
}
|
||||||
|
Mode = "transparent"
|
||||||
|
TransparentProxy = {
|
||||||
|
outbound_listener_port = 10101
|
||||||
|
dialed_directly = true
|
||||||
|
}
|
||||||
|
Endpoint = {
|
||||||
|
Address = "10.0.0.0/16",
|
||||||
|
Port = 443
|
||||||
|
}
|
||||||
|
`,
|
||||||
|
snakeJSON: `
|
||||||
|
{
|
||||||
|
"kind": "service-defaults",
|
||||||
|
"name": "main",
|
||||||
|
"meta" : {
|
||||||
|
"foo": "bar",
|
||||||
|
"gir": "zim"
|
||||||
|
},
|
||||||
|
"protocol": "grpc",
|
||||||
|
"mesh_gateway": {
|
||||||
|
"mode": "remote"
|
||||||
|
},
|
||||||
|
"mode": "transparent",
|
||||||
|
"transparent_proxy": {
|
||||||
|
"outbound_listener_port": 10101,
|
||||||
|
"dialed_directly": true
|
||||||
|
},
|
||||||
|
"endpoint": {
|
||||||
|
"address": "10.0.0.0/16",
|
||||||
|
"port": 443
|
||||||
|
}
|
||||||
|
}
|
||||||
|
`,
|
||||||
|
camelJSON: `
|
||||||
|
{
|
||||||
|
"Kind": "service-defaults",
|
||||||
|
"Name": "main",
|
||||||
|
"Meta" : {
|
||||||
|
"foo": "bar",
|
||||||
|
"gir": "zim"
|
||||||
|
},
|
||||||
|
"Protocol": "grpc",
|
||||||
|
"MeshGateway": {
|
||||||
|
"Mode": "remote"
|
||||||
|
},
|
||||||
|
"Mode": "transparent",
|
||||||
|
"TransparentProxy": {
|
||||||
|
"OutboundListenerPort": 10101,
|
||||||
|
"DialedDirectly": true
|
||||||
|
},
|
||||||
|
"Endpoint": {
|
||||||
|
"Address": "10.0.0.0/16",
|
||||||
|
"Port": 443
|
||||||
|
}
|
||||||
|
}
|
||||||
|
`,
|
||||||
|
expect: &api.ServiceConfigEntry{
|
||||||
|
Kind: "service-defaults",
|
||||||
|
Name: "main",
|
||||||
|
Meta: map[string]string{
|
||||||
|
"foo": "bar",
|
||||||
|
"gir": "zim",
|
||||||
|
},
|
||||||
|
Protocol: "grpc",
|
||||||
|
MeshGateway: api.MeshGatewayConfig{
|
||||||
|
Mode: api.MeshGatewayModeRemote,
|
||||||
|
},
|
||||||
|
Mode: api.ProxyModeTransparent,
|
||||||
|
TransparentProxy: &api.TransparentProxyConfig{
|
||||||
|
OutboundListenerPort: 10101,
|
||||||
|
DialedDirectly: true,
|
||||||
|
},
|
||||||
|
Endpoint: &api.EndpointConfig{
|
||||||
|
Address: "10.0.0.0/16",
|
||||||
|
Port: 443,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: "service-router: kitchen sink",
|
name: "service-router: kitchen sink",
|
||||||
snake: `
|
snake: `
|
||||||
|
|
|
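Review bot: In the added "service-defaults: kitchen sink (endpoint edition)" case, the `camel` HCL fixture still writes the `TransparentProxy` block with snake_case keys (`outbound_listener_port = 10101`, `dialed_directly = true`), so the camel-case spelling of those two keys is never exercised through HCL. The `camelJSON` fixture of the same case uses `OutboundListenerPort` and `DialedDirectly`; writing the HCL lines as `OutboundListenerPort = 10101` and `DialedDirectly = true` would make the camel variant uniformly camel-cased. The block looks copied from the neighbouring upstreams case, whose body is not visible here, so the same may apply there. TestParseConfigEntry starts and ends outside the hunk.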
@ -1,6 +1,6 @@
|
||||||
FROM docker.mirror.hashicorp.services/fortio/fortio AS fortio
|
FROM docker.mirror.hashicorp.services/fortio/fortio AS fortio
|
||||||
|
|
||||||
FROM docker.mirror.hashicorp.services/bats/bats:1.6.0
|
FROM docker.mirror.hashicorp.services/bats/bats:1.7.0
|
||||||
|
|
||||||
RUN apk add curl
|
RUN apk add curl
|
||||||
RUN apk add openssl
|
RUN apk add openssl
|
||||||
|
|