Merge branch 'feat/gitlabstub-tls' into 'master'

feat: add tls support to gitlab stub server

See merge request gitlab-org/gitlab-pages!809

6 files changed, 68 insertions, 27 deletions

diff --git a/test/acceptance/artifacts_test.go b/test/acceptance/artifacts_test.go
index e56a1390..6283d896 100644
--- a/test/acceptance/artifacts_test.go
+++ b/test/acceptance/artifacts_test.go
@@ -150,20 +150,6 @@ func TestArtifactProxyRequest(t *testing.T) {
 }
 
 func TestPrivateArtifactProxyRequest(t *testing.T) {
-	testServer, err := gitlabstub.NewUnstartedServer()
-	require.NoError(t, err)
-
-	keyFile, certFile := CreateHTTPSFixtureFiles(t)
-	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
-	require.NoError(t, err)
-
-	testServer.TLS = &tls.Config{Certificates: []tls.Certificate{cert}}
-	testServer.StartTLS()
-
-	t.Cleanup(func() {
-		testServer.Close()
-	})
-
 	tests := []struct {
 		name   string
 		host   string
@@ -202,23 +188,22 @@ func TestPrivateArtifactProxyRequest(t *testing.T) {
 		},
 	}
 
-	// Ensure the IP address is used in the URL, as we're relying on IP SANs to
-	// validate
-	artifactServerURL := testServer.URL + "/api/v4"
-	t.Log("Artifact server URL", artifactServerURL)
+	configFile := defaultConfigFileWith(t)
 
-	configFile := defaultConfigFileWith(t,
-		"gitlab-server="+testServer.URL,
-		"artifacts-server="+artifactServerURL,
-		"auth-redirect-uri=https://projects.gitlab-example.com/auth",
-		"artifacts-server-timeout=1")
+	keyFile, certFile := CreateHTTPSFixtureFiles(t)
+	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
+	require.NoError(t, err)
 
 	RunPagesProcess(t,
 		withListeners([]ListenSpec{httpsListener}),
 		withArguments([]string{
 			"-config=" + configFile,
 		}),
+		withPublicServer,
+		withExtraArgument("auth-redirect-uri", "https://projects.gitlab-example.com/auth"),
+		withExtraArgument("artifacts-server-timeout", "1"),
 		withEnv([]string{"SSL_CERT_FILE=" + certFile}),
+		withStubOptions(gitlabstub.WithCertificate(cert)),
 	)
 
 	for _, tt := range tests {
diff --git a/test/acceptance/helpers_test.go b/test/acceptance/helpers_test.go
index 5ee409bf..ba6443e0 100644
--- a/test/acceptance/helpers_test.go
+++ b/test/acceptance/helpers_test.go
@@ -250,7 +250,12 @@ func RunPagesProcess(t *testing.T, opts ...processOption) *LogCaptureBuffer {
 
 	source, err := gitlabstub.NewUnstartedServer(processCfg.gitlabStubOpts...)
 	require.NoError(t, err)
-	source.Start()
+
+	if source.TLS != nil {
+		source.StartTLS()
+	} else {
+		source.Start()
+	}
 
 	gitLabAPISecretKey := CreateGitLabAPISecretKeyFixtureFile(t)
 	processCfg.extraArgs = append(
@@ -260,6 +265,10 @@ func RunPagesProcess(t *testing.T, opts ...processOption) *LogCaptureBuffer {
 		"-api-secret-key", gitLabAPISecretKey,
 	)
 
+	if processCfg.publicServer {
+		processCfg.extraArgs = append(processCfg.extraArgs, "-gitlab-server", source.URL)
+	}
+
 	logBuf, cleanup := runPagesProcess(t, processCfg.wait, processCfg.pagesBinary, processCfg.listeners, "", processCfg.envs, processCfg.extraArgs...)
 
 	t.Cleanup(func() {
diff --git a/test/acceptance/stub_test.go b/test/acceptance/stub_test.go
index 3d54b4d4..e65a86cc 100644
--- a/test/acceptance/stub_test.go
+++ b/test/acceptance/stub_test.go
@@ -27,6 +27,7 @@ type processConfig struct {
 	envs           []string
 	extraArgs      []string
 	gitlabStubOpts []gitlabstub.Option
+	publicServer   bool
 }
 
 type processOption func(*processConfig)
@@ -52,12 +53,17 @@ func withExtraArgument(key, value string) processOption {
 		config.extraArgs = append(config.extraArgs, fmt.Sprintf("-%s=%s", key, value))
 	}
 }
+
 func withArguments(args []string) processOption {
 	return func(config *processConfig) {
 		config.extraArgs = append(config.extraArgs, args...)
 	}
 }
 
+func withPublicServer(config *processConfig) {
+	config.publicServer = true
+}
+
 func withStubOptions(opts ...gitlabstub.Option) processOption {
 	return func(config *processConfig) {
 		config.gitlabStubOpts = opts
diff --git a/test/gitlabstub/cmd/server/main.go b/test/gitlabstub/cmd/server/main.go
index 3e33daaa..9820b722 100644
--- a/test/gitlabstub/cmd/server/main.go
+++ b/test/gitlabstub/cmd/server/main.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"context"
+	"crypto/tls"
 	"errors"
 	"flag"
 	"log"
@@ -16,11 +17,25 @@ import (
 
 var (
 	pagesRoot = flag.String("pages-root", "shared/pages", "The directory where pages are stored")
+	keyFile   = flag.String("key-file", "", "Path to file certificate")
+	certFile  = flag.String("cert-file", "", "Path to file certificate")
 )
 
 func main() {
 	flag.Parse()
 
+	var opts []gitlabstub.Option
+
+	if *keyFile != "" && *certFile != "" {
+		log.Printf("Loading key pair: (%s) - (%s)", *certFile, *keyFile)
+		cert, err := tls.LoadX509KeyPair(*certFile, *keyFile)
+		if err != nil {
+			log.Fatalf("error loading certificate: %v", err)
+		}
+
+		opts = append(opts, gitlabstub.WithCertificate(cert))
+	}
+
 	if err := os.Chdir(*pagesRoot); err != nil {
 		log.Fatalf("error chdir in %s: %v", *pagesRoot, err)
 	}
@@ -30,12 +45,18 @@ func main() {
 		log.Fatalf("error getting current dir: %v", err)
 	}
 
-	server, err := gitlabstub.NewUnstartedServer(gitlabstub.WithPagesRoot(wd))
+	opts = append(opts, gitlabstub.WithPagesRoot(wd))
+
+	server, err := gitlabstub.NewUnstartedServer(opts...)
 	if err != nil {
 		log.Fatalf("error starting the server: %v", err)
 	}
 
-	server.Start()
+	if server.TLS != nil {
+		server.StartTLS()
+	} else {
+		server.Start()
+	}
 
 	log.Printf("listening on %s\n", server.URL)
 
diff --git a/test/gitlabstub/option.go b/test/gitlabstub/option.go
index d55abec2..366aeb5d 100644
--- a/test/gitlabstub/option.go
+++ b/test/gitlabstub/option.go
@@ -1,6 +1,7 @@
 package gitlabstub
 
 import (
+	"crypto/tls"
 	"net/http"
 	"time"
 )
@@ -9,10 +10,17 @@ type config struct {
 	pagesHandler http.HandlerFunc
 	pagesRoot    string
 	delay        time.Duration
+	tlsConfig    *tls.Config
 }
 
 type Option func(*config)
 
+func defaultTLSConfig() *tls.Config {
+	return &tls.Config{
+		MinVersion: tls.VersionTLS12,
+	}
+}
+
 func WithPagesHandler(ph http.HandlerFunc) Option {
 	return func(sc *config) {
 		sc.pagesHandler = ph
@@ -30,3 +38,12 @@ func WithDelay(delay time.Duration) Option {
 		sc.delay = delay
 	}
 }
+
+func WithCertificate(cert tls.Certificate) Option {
+	return func(c *config) {
+		if c.tlsConfig == nil {
+			c.tlsConfig = defaultTLSConfig()
+		}
+		c.tlsConfig.Certificates = append(c.tlsConfig.Certificates, cert)
+	}
+}
diff --git a/test/gitlabstub/server.go b/test/gitlabstub/server.go
index 5cf3dacf..74c75067 100644
--- a/test/gitlabstub/server.go
+++ b/test/gitlabstub/server.go
@@ -39,5 +39,8 @@ func NewUnstartedServer(opts ...Option) (*httptest.Server, error) {
 
 	router.PathPrefix("/").HandlerFunc(handleAccessControlArtifactRequests)
 
-	return httptest.NewUnstartedServer(router), nil
+	s := httptest.NewUnstartedServer(router)
+	s.TLS = conf.tlsConfig
+
+	return s, nil
 }