Refactor RDP proxy handling and update related tests

2026-05-17 20:38:35 +03:00
parent 8e9402580f
commit d551e57fd5
172 changed files with 22117 additions and 2509 deletions
@@ -0,0 +1,105 @@
+package webingress
+
+import (
+	"context"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"math/big"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+	"time"
+)
+
+func TestManagerStartsHTTPRedirectAndStops(t *testing.T) {
+	manager := NewManager()
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	status := manager.Apply(ctx, ListenerConfig{
+		RuntimeConfig: RuntimeConfig{ServiceType: "admin-ingress", Scope: "platform", ServiceClasses: []string{"platform_admin"}},
+		HTTPAddr:      "127.0.0.1:0",
+		HTTPSAddr:     "127.0.0.1:0",
+	})
+	if !status.HTTPRunning || status.HTTPSRunning || !status.Running || status.HTTPAddr == "" {
+		t.Fatalf("status = %+v", status)
+	}
+	if status.Reason != "partial" || !containsError(status.Errors, "https:tls_cert_file_and_key_file_required") {
+		t.Fatalf("status = %+v", status)
+	}
+	client := &http.Client{CheckRedirect: func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }}
+	resp, err := client.Get("http://" + status.HTTPAddr + "/cluster-admin")
+	if err != nil {
+		t.Fatalf("http get: %v", err)
+	}
+	_ = resp.Body.Close()
+	if resp.StatusCode != http.StatusPermanentRedirect {
+		t.Fatalf("status = %d", resp.StatusCode)
+	}
+	stopped := manager.Stop(context.Background())
+	if stopped.Running || stopped.Reason != "stopped" {
+		t.Fatalf("stopped = %+v", stopped)
+	}
+}
+
+func TestManagerStartsHTTPSWhenCertificateProvided(t *testing.T) {
+	dir := t.TempDir()
+	certFile, keyFile := writeSelfSignedCert(t, dir)
+	manager := NewManager()
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	status := manager.Apply(ctx, ListenerConfig{
+		RuntimeConfig: RuntimeConfig{ServiceType: "admin-ingress", Scope: "platform", ServiceClasses: []string{"platform_admin"}},
+		HTTPAddr:      "127.0.0.1:0",
+		HTTPSAddr:     "127.0.0.1:0",
+		TLSCertFile:   certFile,
+		TLSKeyFile:    keyFile,
+	})
+	if !status.HTTPRunning || !status.HTTPSRunning || status.HTTPAddr == "" || status.HTTPSAddr == "" || len(status.Errors) != 0 {
+		t.Fatalf("status = %+v", status)
+	}
+}
+
+func writeSelfSignedCert(t *testing.T, dir string) (string, string) {
+	t.Helper()
+	key, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		t.Fatalf("generate key: %v", err)
+	}
+	template := x509.Certificate{
+		SerialNumber: big.NewInt(1),
+		Subject:      pkix.Name{CommonName: "localhost"},
+		NotBefore:    time.Now().Add(-time.Hour),
+		NotAfter:     time.Now().Add(time.Hour),
+		KeyUsage:     x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		DNSNames:     []string{"localhost"},
+	}
+	der, err := x509.CreateCertificate(rand.Reader, &template, &template, &key.PublicKey, key)
+	if err != nil {
+		t.Fatalf("create cert: %v", err)
+	}
+	certFile := filepath.Join(dir, "cert.pem")
+	keyFile := filepath.Join(dir, "key.pem")
+	if err := os.WriteFile(certFile, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o600); err != nil {
+		t.Fatalf("write cert: %v", err)
+	}
+	if err := os.WriteFile(keyFile, pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}), 0o600); err != nil {
+		t.Fatalf("write key: %v", err)
+	}
+	return certFile, keyFile
+}
+
+func containsError(values []string, needle string) bool {
+	for _, value := range values {
+		if value == needle || strings.Contains(value, needle) {
+			return true
+		}
+	}
+	return false
+}