package webingress
import (
"context"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"math/big"
"os"
"path/filepath"
"strings"
"testing"
"time"
)
// TestManagerStartsHTTPSWhenCertificateProvided applies a listener config that
// carries an HTTPS address together with a certificate/key pair and expects the
// returned status to report a running HTTPS listener, a non-empty HTTPS
// address and no errors.
func TestManagerStartsHTTPSWhenCertificateProvided(t *testing.T) {
	certPath, keyPath := writeSelfSignedCert(t, t.TempDir())

	mgr := NewManager()
	ctx, stop := context.WithCancel(context.Background())
	defer stop()

	cfg := ListenerConfig{
		RuntimeConfig: RuntimeConfig{
			ServiceType:    "admin-ingress",
			Scope:          "platform",
			ServiceClasses: []string{"platform_admin"},
		},
		// Loopback with port 0: the concrete port is not known up front, so the
		// assertion below only requires that some address is reported back.
		HTTPSAddr:   "127.0.0.1:0",
		TLSCertFile: certPath,
		TLSKeyFile:  keyPath,
	}

	got := mgr.Apply(ctx, cfg)

	// All four conditions must hold; any single failure dumps the full status.
	healthy := got.HTTPSRunning && got.Running && got.HTTPSAddr != "" && len(got.Errors) == 0
	if !healthy {
		t.Fatalf("status = %+v", got)
	}
}
// TestManagerDoesNotStartHTTPWithoutExplicitAddress applies a listener config
// that sets only an HTTPS address (no HTTP address) plus a certificate/key
// pair, and checks that the HTTPS listener is reported as running without
// errors.
//
// NOTE(review): the config and the assertion are the same as in
// TestManagerStartsHTTPSWhenCertificateProvided. Nothing below checks that a
// plaintext HTTP listener is absent, which is the property the test name
// promises and the one that matters for an admin ingress. The status fields
// that describe the HTTP listener are not visible in this file; add an
// assertion on them once confirmed against the status type.
func TestManagerDoesNotStartHTTPWithoutExplicitAddress(t *testing.T) {
	certPath, keyPath := writeSelfSignedCert(t, t.TempDir())

	mgr := NewManager()
	ctx, stop := context.WithCancel(context.Background())
	defer stop()

	// Only the HTTPS side is configured; no HTTP address is supplied.
	cfg := ListenerConfig{
		RuntimeConfig: RuntimeConfig{
			ServiceType:    "admin-ingress",
			Scope:          "platform",
			ServiceClasses: []string{"platform_admin"},
		},
		HTTPSAddr:   "127.0.0.1:0",
		TLSCertFile: certPath,
		TLSKeyFile:  keyPath,
	}

	got := mgr.Apply(ctx, cfg)

	httpsUp := got.HTTPSRunning && got.Running && got.HTTPSAddr != "" && len(got.Errors) == 0
	if !httpsUp {
		t.Fatalf("status = %+v", got)
	}
}
// writeSelfSignedCert generates a fresh 2048-bit RSA key and a self-signed
// certificate for "localhost", writes both as PEM files into dir, and returns
// the certificate path followed by the key path. Any failure aborts the
// calling test via t.Fatalf.
//
// The certificate is a test fixture: it is valid from one hour before to one
// hour after creation, uses the fixed serial number 1, and is signed by its
// own key. Its only subject alternative name is the DNS name "localhost"; it
// carries no IP SAN, so a verifying client that dials an IP literal such as
// 127.0.0.1 will not match it. Both files are written with mode 0o600.
func writeSelfSignedCert(t *testing.T, dir string) (string, string) {
	t.Helper()

	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		t.Fatalf("generate key: %v", err)
	}

	tmpl := x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		DNSNames:     []string{"localhost"},
	}

	// Template and parent are the same value, so the certificate is self-signed.
	certDER, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, &priv.PublicKey, priv)
	if err != nil {
		t.Fatalf("create cert: %v", err)
	}

	certPath := filepath.Join(dir, "cert.pem")
	keyPath := filepath.Join(dir, "key.pem")

	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
	if err := os.WriteFile(certPath, certPEM, 0o600); err != nil {
		t.Fatalf("write cert: %v", err)
	}

	// The private key is stored in PKCS#1 form, readable by the owner only.
	keyPEM := pem.EncodeToMemory(&pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(priv),
	})
	if err := os.WriteFile(keyPath, keyPEM, 0o600); err != nil {
		t.Fatalf("write key: %v", err)
	}

	return certPath, keyPath
}
// containsError reports whether any entry of values equals needle or has
// needle as a substring. An empty needle matches every entry, so the result is
// true whenever values is non-empty; pass a specific message fragment when
// asserting on an error list.
func containsError(values []string, needle string) bool {
	for i := 0; i < len(values); i++ {
		// A substring match also covers the exact-equality case.
		if strings.Contains(values[i], needle) {
			return true
		}
	}
	return false
}