mirror of https://github.com/hashicorp/consul
chore(test): Update bats version
parent
147fd96d97
commit
817449041d
|
@ -207,13 +207,6 @@ func (e *ServiceConfigEntry) Validate() error {
|
|||
if e.Endpoint.Port < 1 || e.Endpoint.Port > 65535 {
|
||||
validationErr = multierror.Append(validationErr, fmt.Errorf("Invalid Port number %d", e.Endpoint.Port))
|
||||
}
|
||||
|
||||
// If either client cert config file was specified then the CA file, client cert, and key file must be specified
|
||||
// Specifying only a CAFile is allowed for one-way TLS
|
||||
if (e.Endpoint.CertFile != "" || e.Endpoint.KeyFile != "") &&
|
||||
!(e.Endpoint.CAFile != "" && e.Endpoint.CertFile != "" && e.Endpoint.KeyFile != "") {
|
||||
validationErr = multierror.Append(validationErr, errors.New("Endpoint must have a CertFile, CAFile, and KeyFile specified for TLS origination"))
|
||||
}
|
||||
}
|
||||
|
||||
return validationErr
|
||||
|
@ -238,22 +231,6 @@ func validateEndpointAddress(address string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (e *ServiceConfigEntry) Warnings() []string {
|
||||
if e == nil {
|
||||
return nil
|
||||
}
|
||||
warnings := make([]string, 0)
|
||||
|
||||
if e.Endpoint != nil {
|
||||
if (e.Endpoint.CAFile != "" || e.Endpoint.CertFile != "" || e.Endpoint.KeyFile != "") && e.Endpoint.SNI == "" {
|
||||
warning := fmt.Sprintf("TLS is configured but SNI is not set for the endpoint. Enabling SNI is strongly recommended when using TLS.")
|
||||
warnings = append(warnings, warning)
|
||||
}
|
||||
}
|
||||
|
||||
return warnings
|
||||
}
|
||||
|
||||
func (e *ServiceConfigEntry) CanRead(authz acl.Authorizer) error {
|
||||
var authzContext acl.AuthorizerContext
|
||||
e.FillAuthzContext(&authzContext)
|
||||
|
@ -321,21 +298,6 @@ type EndpointConfig struct {
|
|||
|
||||
// Port allowed within this endpoint
|
||||
Port int `json:",omitempty"`
|
||||
|
||||
// CAFile is the optional path to a CA certificate to use for TLS connections
|
||||
// from the gateway to the linked service
|
||||
CAFile string `json:",omitempty" alias:"ca_file"`
|
||||
|
||||
// CertFile is the optional path to a client certificate to use for TLS connections
|
||||
// from the gateway to the linked service
|
||||
CertFile string `json:",omitempty" alias:"cert_file"`
|
||||
|
||||
// KeyFile is the optional path to a private key to use for TLS connections
|
||||
// from the gateway to the linked service
|
||||
KeyFile string `json:",omitempty" alias:"key_file"`
|
||||
|
||||
// SNI is the optional name to specify during the TLS handshake with a linked service.
|
||||
SNI string `json:",omitempty"`
|
||||
}
|
||||
|
||||
// ProxyConfigEntry is the top-level struct for global proxy configuration defaults.
|
||||
|
|
|
@ -436,10 +436,6 @@ func TestDecodeConfigEntry(t *testing.T) {
|
|||
endpoint {
|
||||
address = "1.2.3.4/24"
|
||||
port = 8080
|
||||
ca_file = "ca.pem"
|
||||
cert_file = "cert.pem"
|
||||
key_file = "key.pem"
|
||||
sni = "external.com"
|
||||
}
|
||||
`,
|
||||
camel: `
|
||||
|
@ -449,10 +445,6 @@ func TestDecodeConfigEntry(t *testing.T) {
|
|||
Endpoint {
|
||||
Address = "1.2.3.4/24"
|
||||
Port = 8080
|
||||
CAFile = "ca.pem"
|
||||
CertFile = "cert.pem"
|
||||
KeyFile = "key.pem"
|
||||
SNI = "external.com"
|
||||
}
|
||||
`,
|
||||
expect: &ServiceConfigEntry{
|
||||
|
@ -460,12 +452,8 @@ func TestDecodeConfigEntry(t *testing.T) {
|
|||
Name: "external",
|
||||
Protocol: "tcp",
|
||||
Endpoint: &EndpointConfig{
|
||||
Address: "1.2.3.4/24",
|
||||
Port: 8080,
|
||||
CAFile: "ca.pem",
|
||||
CertFile: "cert.pem",
|
||||
KeyFile: "key.pem",
|
||||
SNI: "external.com",
|
||||
Address: "1.2.3.4/24",
|
||||
Port: 8080,
|
||||
},
|
||||
},
|
||||
},
|
||||
|
@ -2511,82 +2499,6 @@ func TestServiceConfigEntry(t *testing.T) {
|
|||
},
|
||||
validateErr: "Invalid Port number",
|
||||
},
|
||||
"validate: not all TLS options provided-1": {
|
||||
entry: &ServiceConfigEntry{
|
||||
Kind: ServiceDefaults,
|
||||
Name: "external",
|
||||
Protocol: "tcp",
|
||||
Endpoint: &EndpointConfig{
|
||||
Address: "2001:db8::8a2e:370:7334/64",
|
||||
Port: 443,
|
||||
CertFile: "client.crt",
|
||||
},
|
||||
},
|
||||
validateErr: "must have a CertFile, CAFile, and KeyFile",
|
||||
},
|
||||
"validate: not all TLS options provided-2": {
|
||||
entry: &ServiceConfigEntry{
|
||||
Kind: ServiceDefaults,
|
||||
Name: "external",
|
||||
Protocol: "tcp",
|
||||
Endpoint: &EndpointConfig{
|
||||
Address: "2001:db8::8a2e:370:7334/64",
|
||||
Port: 443,
|
||||
KeyFile: "tls.key",
|
||||
},
|
||||
},
|
||||
validateErr: "must have a CertFile, CAFile, and KeyFile",
|
||||
},
|
||||
"validate: all TLS options provided": {
|
||||
entry: &ServiceConfigEntry{
|
||||
Kind: ServiceDefaults,
|
||||
Name: "external",
|
||||
Protocol: "tcp",
|
||||
Endpoint: &EndpointConfig{
|
||||
Address: "2001:db8::8a2e:370:7334/64",
|
||||
Port: 443,
|
||||
CAFile: "ca.crt",
|
||||
CertFile: "client.crt",
|
||||
KeyFile: "tls.key",
|
||||
},
|
||||
},
|
||||
},
|
||||
"validate: only providing ca file is allowed": {
|
||||
entry: &ServiceConfigEntry{
|
||||
Kind: ServiceDefaults,
|
||||
Name: "external",
|
||||
Protocol: "tcp",
|
||||
Endpoint: &EndpointConfig{
|
||||
Address: "2001:db8::8a2e:370:7334/64",
|
||||
Port: 443,
|
||||
CAFile: "ca.crt",
|
||||
},
|
||||
},
|
||||
},
|
||||
"validate: wildcard is allowed for hostname": {
|
||||
entry: &ServiceConfigEntry{
|
||||
Kind: ServiceDefaults,
|
||||
Name: "external",
|
||||
Protocol: "tcp",
|
||||
Endpoint: &EndpointConfig{
|
||||
Address: "*.external.com",
|
||||
Port: 443,
|
||||
CAFile: "ca.crt",
|
||||
},
|
||||
},
|
||||
},
|
||||
"validate: hostname": {
|
||||
entry: &ServiceConfigEntry{
|
||||
Kind: ServiceDefaults,
|
||||
Name: "external",
|
||||
Protocol: "tcp",
|
||||
Endpoint: &EndpointConfig{
|
||||
Address: "api.external.com",
|
||||
Port: 443,
|
||||
CAFile: "ca.crt",
|
||||
},
|
||||
},
|
||||
},
|
||||
"validate: invalid hostname 1": {
|
||||
entry: &ServiceConfigEntry{
|
||||
Kind: ServiceDefaults,
|
||||
|
|
|
@ -186,21 +186,6 @@ type EndpointConfig struct {
|
|||
|
||||
// Port allowed within this endpoint
|
||||
Port int `json:",omitempty"`
|
||||
|
||||
// CAFile is the optional path to a CA certificate to use for TLS connections
|
||||
// from the gateway to the linked service
|
||||
CAFile string `json:",omitempty" alias:"ca_file"`
|
||||
|
||||
// CertFile is the optional path to a client certificate to use for TLS connections
|
||||
// from the gateway to the linked service
|
||||
CertFile string `json:",omitempty" alias:"cert_file"`
|
||||
|
||||
// KeyFile is the optional path to a private key to use for TLS connections
|
||||
// from the gateway to the linked service
|
||||
KeyFile string `json:",omitempty" alias:"key_file"`
|
||||
|
||||
// SNI is the optional name to specify during the TLS handshake with a linked service.
|
||||
SNI string `json:",omitempty"`
|
||||
}
|
||||
|
||||
type PassiveHealthCheck struct {
|
||||
|
|
|
@ -532,11 +532,7 @@ func TestDecodeConfigEntry(t *testing.T) {
|
|||
"Protocol": "http",
|
||||
"Endpoint": {
|
||||
"Address": "1.2.3.4/24",
|
||||
"Port": 443,
|
||||
"CAFile": "ca.pem",
|
||||
"CertFile": "crt.pem",
|
||||
"KeyFile": "key.pem",
|
||||
"SNI": "external.com"
|
||||
"Port": 443
|
||||
}
|
||||
}
|
||||
`,
|
||||
|
@ -545,12 +541,8 @@ func TestDecodeConfigEntry(t *testing.T) {
|
|||
Name: "external",
|
||||
Protocol: "http",
|
||||
Endpoint: &EndpointConfig{
|
||||
Address: "1.2.3.4/24",
|
||||
Port: 443,
|
||||
CAFile: "ca.pem",
|
||||
CertFile: "crt.pem",
|
||||
KeyFile: "key.pem",
|
||||
SNI: "external.com",
|
||||
Address: "1.2.3.4/24",
|
||||
Port: 443,
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
|
@ -491,7 +491,7 @@ func TestParseConfigEntry(t *testing.T) {
|
|||
},
|
||||
},
|
||||
{
|
||||
name: "service-defaults: kitchen sink",
|
||||
name: "service-defaults: kitchen sink (upstreams edition)",
|
||||
snake: `
|
||||
kind = "service-defaults"
|
||||
name = "main"
|
||||
|
@ -792,6 +792,118 @@ func TestParseConfigEntry(t *testing.T) {
|
|||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "service-defaults: kitchen sink (endpoint edition)",
|
||||
snake: `
|
||||
kind = "service-defaults"
|
||||
name = "main"
|
||||
meta {
|
||||
"foo" = "bar"
|
||||
"gir" = "zim"
|
||||
}
|
||||
protocol = "grpc"
|
||||
mesh_gateway {
|
||||
mode = "remote"
|
||||
}
|
||||
mode = "transparent"
|
||||
transparent_proxy = {
|
||||
outbound_listener_port = 10101
|
||||
dialed_directly = true
|
||||
}
|
||||
endpoint = {
|
||||
address = "10.0.0.0/16",
|
||||
port = 443
|
||||
}
|
||||
`,
|
||||
camel: `
|
||||
Kind = "service-defaults"
|
||||
Name = "main"
|
||||
Meta {
|
||||
"foo" = "bar"
|
||||
"gir" = "zim"
|
||||
}
|
||||
Protocol = "grpc"
|
||||
MeshGateway {
|
||||
Mode = "remote"
|
||||
}
|
||||
Mode = "transparent"
|
||||
TransparentProxy = {
|
||||
outbound_listener_port = 10101
|
||||
dialed_directly = true
|
||||
}
|
||||
Endpoint = {
|
||||
Address = "10.0.0.0/16",
|
||||
Port = 443
|
||||
}
|
||||
`,
|
||||
snakeJSON: `
|
||||
{
|
||||
"kind": "service-defaults",
|
||||
"name": "main",
|
||||
"meta" : {
|
||||
"foo": "bar",
|
||||
"gir": "zim"
|
||||
},
|
||||
"protocol": "grpc",
|
||||
"mesh_gateway": {
|
||||
"mode": "remote"
|
||||
},
|
||||
"mode": "transparent",
|
||||
"transparent_proxy": {
|
||||
"outbound_listener_port": 10101,
|
||||
"dialed_directly": true
|
||||
},
|
||||
"endpoint": {
|
||||
"address": "10.0.0.0/16",
|
||||
"port": 443
|
||||
}
|
||||
}
|
||||
`,
|
||||
camelJSON: `
|
||||
{
|
||||
"Kind": "service-defaults",
|
||||
"Name": "main",
|
||||
"Meta" : {
|
||||
"foo": "bar",
|
||||
"gir": "zim"
|
||||
},
|
||||
"Protocol": "grpc",
|
||||
"MeshGateway": {
|
||||
"Mode": "remote"
|
||||
},
|
||||
"Mode": "transparent",
|
||||
"TransparentProxy": {
|
||||
"OutboundListenerPort": 10101,
|
||||
"DialedDirectly": true
|
||||
},
|
||||
"Endpoint": {
|
||||
"Address": "10.0.0.0/16",
|
||||
"Port": 443
|
||||
}
|
||||
}
|
||||
`,
|
||||
expect: &api.ServiceConfigEntry{
|
||||
Kind: "service-defaults",
|
||||
Name: "main",
|
||||
Meta: map[string]string{
|
||||
"foo": "bar",
|
||||
"gir": "zim",
|
||||
},
|
||||
Protocol: "grpc",
|
||||
MeshGateway: api.MeshGatewayConfig{
|
||||
Mode: api.MeshGatewayModeRemote,
|
||||
},
|
||||
Mode: api.ProxyModeTransparent,
|
||||
TransparentProxy: &api.TransparentProxyConfig{
|
||||
OutboundListenerPort: 10101,
|
||||
DialedDirectly: true,
|
||||
},
|
||||
Endpoint: &api.EndpointConfig{
|
||||
Address: "10.0.0.0/16",
|
||||
Port: 443,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "service-router: kitchen sink",
|
||||
snake: `
|
||||
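Review bot: The new "service-defaults: kitchen sink (endpoint edition)" case only exercises `address` and `port`, and nothing in this section checks what the parser does with an `endpoint` block that still carries `ca_file`, `cert_file`, `key_file` or `sni`, the fields this commit removes from `EndpointConfig`. If unknown keys are dropped rather than rejected (the decoder's behaviour is not visible here), an existing config would load cleanly while its TLS settings are ignored, so a case that expects an error for such input is worth adding next to this one. Separately, the `camel` HCL fixture sets `outbound_listener_port` and `dialed_directly` inside `TransparentProxy`, so the CamelCase spellings are only covered by `camelJSON`; `OutboundListenerPort = 10101` and `DialedDirectly = true` would close that gap. The test table and `TestParseConfigEntry` continue outside the hunk.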
|
|
|
@ -1,6 +1,6 @@
|
|||
FROM docker.mirror.hashicorp.services/fortio/fortio AS fortio
|
||||
|
||||
FROM docker.mirror.hashicorp.services/bats/bats:1.6.0
|
||||
FROM docker.mirror.hashicorp.services/bats/bats:1.7.0
|
||||
|
||||
RUN apk add curl
|
||||
RUN apk add openssl
|
||||
|
|