diff options
author | Nick Thomas <nick@gitlab.com> | 2018-03-22 22:47:00 +0300 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2018-03-23 20:36:55 +0300 |
commit | 5d09250074dc6023e130cc55087eda27a6a18d8c (patch) | |
tree | cfa20d9979f3532967ab091501eacc75d4c40351 | |
parent | 97642f739578111172355deaae46315a2626f5ae (diff) |
Use the certificate fixture in the artifacts server tests
-rw-r--r-- | acceptance_test.go | 39 | ||||
-rw-r--r-- | helpers_test.go | 76 |
2 files changed, 74 insertions, 41 deletions
diff --git a/acceptance_test.go b/acceptance_test.go index a7547530..01403b80 100644 --- a/acceptance_test.go +++ b/acceptance_test.go @@ -1,7 +1,7 @@ package main import ( - "encoding/pem" + "crypto/tls" "fmt" "io/ioutil" "mime" @@ -351,7 +351,7 @@ func TestArtifactProxyRequest(t *testing.T) { content := "<!DOCTYPE html><html><head><title>Title of the document</title></head><body></body></html>" contentLength := int64(len(content)) - testServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + testServer := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { switch r.URL.RawPath { case "/api/v4/projects/group%2Fproject/jobs/1/artifacts/delayed_200.html": time.Sleep(2 * time.Second) @@ -371,17 +371,16 @@ func TestArtifactProxyRequest(t *testing.T) { fmt.Fprint(w, content) } })) - defer testServer.Close() - require.NotEmpty(t, testServer.TLS.Certificates, "testserver must implement TLS") - require.NotEmpty(t, testServer.TLS.Certificates[0].Certificate, "testserver TLS config has no certificates") - artifactsCert := testServer.TLS.Certificates[0].Certificate[0] - pemCert, err := ioutil.TempFile("", "test-server-cert") - require.NoError(t, err) - defer os.Remove(pemCert.Name()) - err = pem.Encode(pemCert, &pem.Block{Type: "CERTIFICATE", Bytes: artifactsCert}) + keyFile, certFile := CreateHTTPSFixtureFiles(t) + cert, err := tls.LoadX509KeyPair(certFile, keyFile) require.NoError(t, err) - pemCert.Close() + defer os.Remove(keyFile) + defer os.Remove(certFile) + + testServer.TLS = &tls.Config{Certificates: []tls.Certificate{cert}} + testServer.StartTLS() + defer testServer.Close() cases := []struct { Host string @@ -451,15 +450,31 @@ func TestArtifactProxyRequest(t *testing.T) { }, } + // Ensure the IP address is used in the URL, as we're relying on IP SANs to + // validate + artifactServerURL := testServer.URL + "/api/v4" + t.Log("Artifact server URL", artifactServerURL) + for _, c := range cases { t.Run(fmt.Sprintf("Proxy Request Test: %s", c.Description), func(t *testing.T) { - teardown := RunPagesProcessWithSSLCertFile(t, *pagesBinary, listeners, "", pemCert.Name(), "-artifacts-server="+testServer.URL+"/api/v4", c.BinaryOption) + teardown := RunPagesProcessWithSSLCertFile( + t, + *pagesBinary, + listeners, + "", + certFile, + "-artifacts-server="+artifactServerURL, + c.BinaryOption, + ) defer teardown() + resp, err := GetPageFromListener(t, httpListener, c.Host, c.Path) require.NoError(t, err) defer resp.Body.Close() + assert.Equal(t, c.Status, resp.StatusCode) assert.Equal(t, c.ContentType, resp.Header.Get("Content-Type")) + if !((c.Status == http.StatusBadGateway) || (c.Status == http.StatusNotFound) || (c.Status == http.StatusInternalServerError)) { body, err := ioutil.ReadAll(resp.Body) require.NoError(t, err) diff --git a/helpers_test.go b/helpers_test.go index 97374d19..dd74fca1 100644 --- a/helpers_test.go +++ b/helpers_test.go @@ -53,37 +53,53 @@ var InsecureHTTPSClient = &http.Client{ } var CertificateFixture = `-----BEGIN CERTIFICATE----- -MIICWDCCAcGgAwIBAgIJAMyzCfoGEwVNMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQwHhcNMTYwMjExMTcxNzM2WhcNMjYwMjA4MTcxNzM2WjBF -MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 -ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB -gQC2ZSzGIlv2zRsELkmEA1JcvIdsFv80b0NbBftewDAQRuyPlhGNifFx6v7+3O1F -5+f+So43N0QbdrHu11K+ZuXNc6hUy0ofG/eRqXniGZEn8paUdQ98sWsbWelBDNeg -WX4FQomynjyxbG+3IuJR5UHoLWhrJ9+pbPrT915eObbaTQIDAQABo1AwTjAdBgNV -HQ4EFgQUGAhDu+gfckg4IkHRCQWBn4ltKV4wHwYDVR0jBBgwFoAUGAhDu+gfckg4 -IkHRCQWBn4ltKV4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAaGx5U -JRW5HC9dXADLf9OnmJRqWi3VNXEXWFk5XgHKc1z7KIBWMsdj+1gzm5ltRO7hkHw9 -bx6jQKZBRiUxyqTFw9Ywrk1fYFAxk8hxuqVYcGdonImJarHZTdVMBRWut9+EZBVm -77eYbz2zASNpy++QIg85YgQum9uqREClHRBsxQ== +MIIDPDCCAiSgAwIBAgIRAJxeIG2dasNCFzigvI3rSSowDQYJKoZIhvcNAQELBQAw +MzEUMBIGA1UEChMLTG9nIENvdXJpZXIxGzAZBgNVBAMTEmdpdGxhYi1leGFtcGxl +LmNvbTAgFw0xODAzMjIxOTE5MjZaGA8yMTE4MDIyNjE5MTkyNlowMzEUMBIGA1UE +ChMLTG9nIENvdXJpZXIxGzAZBgNVBAMTEmdpdGxhYi1leGFtcGxlLmNvbTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKHXQX7TsNTybojzmSzCwC8Hgk21 +VjIZT0aGZAGaQXL9npYq3ic+hIuWO8xid5KoTQJV4SNS+kB5nr4kTfrRbGVo7RWF +P1HZ5TZoeWPngyz82eYGaiLan4oSzE5wvPcHk90/CLeO/OeILy9w6Q+Ns9vR87RZ +iaVMivi6MWT/kRGy9KzvKFQKxxfReXAqoKyUk+SSP9vJ5ujX0vvIye9fn0glN2oM +nR/M4LjXNNJiV+J5rYsek8DL5PrRWWChMP+I+JFhUc4aVI/aqkBCnluxIamS5iLt +035Q7laqfOKrB3/SI9AEQm5XrYtUBH0LtFOphzXVR1hYeDHr8Df1gBM6YjECAwEA +AaNJMEcwDgYDVR0PAQH/BAQDAgKkMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1Ud +EwEB/wQFMAMBAf8wDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEA +RbJQf+dpgSGnCgHzX0bmESo2RUghFdsZ9RmLOqcIFEPaMLAwUyPsI2UL1bSv9FtW +BVIOgmNUQexOgJ3rIpKUp3Nbbr7QXDaoyC2teL6NMiYuIM3czX7zU5vhTduLpWEF +yPSC+5jLksFayhNTDmZHc8jcpuTLBg48iPQQjy84jfCv0PVvQ7TuXYRVgMb7PuHo +aqH4xpoFHutMUSuIo1naiHjw8wwC+UvFuS1FUowLxWzreOW43vp026SGeoCldKYY +p+e6LzsqwyIK3BuWJ+2cH4UyCt8Dp758sNZHDoBLKMx8ZpA+Y1WzVohLxk5yEQkl +QXUumHMXqybXNEi7PPsznw== -----END CERTIFICATE-----` -var KeyFixture = `-----BEGIN PRIVATE KEY----- -MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALZlLMYiW/bNGwQu -SYQDUly8h2wW/zRvQ1sF+17AMBBG7I+WEY2J8XHq/v7c7UXn5/5Kjjc3RBt2se7X -Ur5m5c1zqFTLSh8b95GpeeIZkSfylpR1D3yxaxtZ6UEM16BZfgVCibKePLFsb7ci -4lHlQegtaGsn36ls+tP3Xl45ttpNAgMBAAECgYAAqZFmDs3isY/9jeV6c0CjUZP0 -UokOubC27eihyXTjOj61rsfVicC0tzPB3S+HZ3YyODcYAD1hFCdFRMbqJhmDiewK -5GfATdNQeNARCfJdjYn57NKaXm7rc4C3so1YfxTL6k9QGJgTcybXiClQPDrhkZt3 -YLIeeJbY3OppLqjzgQJBAN5AzwyUqX5eQIUncQKcFY0PIjfFTku62brT7hq+TlqY -1B6n3GUtIX+tyYg1qusy4KUUSzMslXJubHsxKanGqZ0CQQDSFwzK7KEYoZol5OMX -mRsavc3iXmmEkkNRdNb1R4UqrlasPeeIeO1CfoD2RPcQhZCwFtR8xS8u6X9ncfC4 -qyxxAkAhpQvy6ppR7/Cyd4sLCxfUF8NlT/APVMTbHHQCBmcUHeiWj3C0vEVC78r/ -XKh4HGaXdt//ajNhdEflykZ1VgadAkB6Zh934mEA3rXWOgHsb7EQ5WAb8HF9YVGD -FZVfFaoJ8cRhWTeZlQp14Qn1cLyYjZh8XvCxOJiCtlsZw5JBpMihAkBA6ltWb+aZ -EBjC8ZRwZE+cAzmxaYPSs2J7JhS7X7H7Ax7ShhvHI4br3nqf00H4LkvtcHkn5d9G -MwE1w2r4Deww ------END PRIVATE KEY-----` +var KeyFixture = `-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAoddBftOw1PJuiPOZLMLALweCTbVWMhlPRoZkAZpBcv2elire +Jz6Ei5Y7zGJ3kqhNAlXhI1L6QHmeviRN+tFsZWjtFYU/UdnlNmh5Y+eDLPzZ5gZq +ItqfihLMTnC89weT3T8It47854gvL3DpD42z29HztFmJpUyK+LoxZP+REbL0rO8o +VArHF9F5cCqgrJST5JI/28nm6NfS+8jJ71+fSCU3agydH8zguNc00mJX4nmtix6T +wMvk+tFZYKEw/4j4kWFRzhpUj9qqQEKeW7EhqZLmIu3TflDuVqp84qsHf9Ij0ARC +bleti1QEfQu0U6mHNdVHWFh4MevwN/WAEzpiMQIDAQABAoIBABK3TQi4vHtz6dqG +qVEm2IjXynboIKa8jJFwW0JgL2936w4cuQI61aM65YF2ZbOdKQK7IcUvBGfOaNA+ +bJI0A+AaaUiS10bE9x/6pwcpr97VAvH6De4n8ElMcTolCYVb5/qvHnfz3kV8V1Ca +MymsTn9+YTubGzL1jiDDj5DJiWJNa6XqJqF9eh4B7nxnrjO8T3NMTI3lvyg/Nkrx +6l0qhEG+Eu1Gdzv8t1mTb4wcz1lpC152oMtFZqgWEjMHjZryVgjPq8t25b8OhZk3 +e8sYX0JcqHZl/zqVlLoxQbSmH8/ePLH1Si5RFMxxQKhRgp2I068Us15rt2k0PnMh +C6y1w1ECgYEAw1b8lLtvtm4NrBcqD0THYs+35ua2B23MxoksasvTlpG7Je3HSf6M +tOIcv32cLjh4/Q1lnzdrO3lOzzDVHcKRXuUSI9C7CUFhnAKLY/0d255RjG7Hm+vv +OyRXJYIli6+m/fzu/97Eyjs08DO+Rg/ONu+UqWlusSvEwl93Z2u7hn0CgYEA1Bkw +RQqrOVlFdRv+jfraBVpO2enRzWBHZA+0AWdGZ3vMkyVHxfVOyRjfPOd1N1YnTfqH +1X+b+lpWULpLH/SVeidWSUcEhtuew1TRGexmz3XCN7i6PiwtXjhOAgY9YwVMiOMy +CKVIrL6bJAqJwniRiTn6aXj+L0xJcPL1GemMtMUCgYEAsPGJyJxk3CaioeE1yzDt +P5eTKUiRWPdgB/NX1cGef4SwtvHFlURMZslvaxI4ODIVfnv1Mp07uFrxRYMheVy2 +2/O6U9EOq5qa9XvkkgVFV5v4mLH8hEPap4MKocJbikXpiablQ8eiEOJC2Na2I7bL +gD3TNwZ3K2vPRpa9jWQsMO0CgYEAy3oSxdmzZIRRT0V5E4raCJKX3RUlcstwEf3C +qioC8Bpjq7LzRWXOnLxgxlQjLuBXOscj813GLQrnjfD7S3/gu1zruccI/7vIdwpy +xFT4WQVXOw/clPLa325S4DxOPiYCQ7z67jJrI1aFDbGSceArdyQJKZCrAoNEXbio +DaDynSUCgYBCaM4rHpfkpCgOCtZg+hbwrmYbpRiZ6LJRi5t8M5c5ERUh8rlvADBv +S3Tg9fq/TkV8IZKsIjc2Rgs49+/XdlNZdUE59Z/t/OzXv8DylGt5E0YH4kN8qd6e +zTa+zLrR664UL7KDXSZuY+kHfsQQwxvsGcQma7ig1PUjlPhKLfYrRQ== +-----END RSA PRIVATE KEY-----` func CreateHTTPSFixtureFiles(t *testing.T) (key string, cert string) { keyfile, err := ioutil.TempFile("", "https-fixture") @@ -211,6 +227,8 @@ func runPagesProcess(t *testing.T, wait bool, pagesPath string, listeners []List func getPagesArgs(t *testing.T, listeners []ListenSpec, promPort string, extraArgs []string) (args, tempfiles []string) { var hasHTTPS bool + args = append(args, "-log-verbose=true") + for _, spec := range listeners { args = append(args, "-listen-"+spec.Type, spec.JoinHostPort()) |