From 29fb0c4e98a4a775d9af8e917730e065f7971376 Mon Sep 17 00:00:00 2001
From: feistel <6742251-feistel@users.noreply.gitlab.com>
Date: Fri, 1 Jul 2022 17:09:08 +0200
Subject: Add tls support to gitlab stub server
---
 test/acceptance/artifacts_test.go | 31 ++++++++-----------------------
 test/acceptance/helpers_test.go | 11 ++++++++++-
 test/acceptance/stub_test.go | 6 ++++++
 test/gitlabstub/cmd/server/main.go | 25 +++++++++++++++++++++++--
 test/gitlabstub/option.go | 17 +++++++++++++++++
 test/gitlabstub/server.go | 5 ++++-
 6 files changed, 68 insertions(+), 27 deletions(-)
diff --git a/test/acceptance/artifacts_test.go b/test/acceptance/artifacts_test.go
index e56a1390..6283d896 100644
--- a/test/acceptance/artifacts_test.go
+++ b/test/acceptance/artifacts_test.go
@@ -150,20 +150,6 @@ func TestArtifactProxyRequest(t *testing.T) {
 }
 func TestPrivateArtifactProxyRequest(t *testing.T) {
- testServer, err := gitlabstub.NewUnstartedServer()
- require.NoError(t, err)
-
- keyFile, certFile := CreateHTTPSFixtureFiles(t)
- cert, err := tls.LoadX509KeyPair(certFile, keyFile)
- require.NoError(t, err)
-
- testServer.TLS = &tls.Config{Certificates: []tls.Certificate{cert}}
- testServer.StartTLS()
-
- t.Cleanup(func() {
- testServer.Close()
- })
-
 tests := []struct {
 name string
 host string
@@ -202,23 +188,22 @@ func TestPrivateArtifactProxyRequest(t *testing.T) {
 },
 }
- // Ensure the IP address is used in the URL, as we're relying on IP SANs to
- // validate
- artifactServerURL := testServer.URL + "/api/v4"
- t.Log("Artifact server URL", artifactServerURL)
+ configFile := defaultConfigFileWith(t)
- configFile := defaultConfigFileWith(t,
- "gitlab-server="+testServer.URL,
- "artifacts-server="+artifactServerURL,
- "auth-redirect-uri=https://projects.gitlab-example.com/auth",
- "artifacts-server-timeout=1")
+ keyFile, certFile := CreateHTTPSFixtureFiles(t)
+ cert, err := tls.LoadX509KeyPair(certFile, keyFile)
+ require.NoError(t, err)
 RunPagesProcess(t,
 withListeners([]ListenSpec{httpsListener}),
 withArguments([]string{
 "-config=" + configFile,
 }),
+ withPublicServer,
+ withExtraArgument("auth-redirect-uri", "https://projects.gitlab-example.com/auth"),
+ withExtraArgument("artifacts-server-timeout", "1"),
 withEnv([]string{"SSL_CERT_FILE=" + certFile}),
+ withStubOptions(gitlabstub.WithCertificate(cert)),
 )
 for _, tt := range tests {
diff --git a/test/acceptance/helpers_test.go b/test/acceptance/helpers_test.go
index 4c365c5e..1539df01 100644
--- a/test/acceptance/helpers_test.go
+++ b/test/acceptance/helpers_test.go
@@ -247,7 +247,12 @@ func RunPagesProcess(t *testing.T, opts ...processOption) *LogCaptureBuffer {
 source, err := gitlabstub.NewUnstartedServer(processCfg.gitlabStubOpts...)
 require.NoError(t, err)
- source.Start()
+
+ if source.TLS != nil {
+ source.StartTLS()
+ } else {
+ source.Start()
+ }
 gitLabAPISecretKey := CreateGitLabAPISecretKeyFixtureFile(t)
 processCfg.extraArgs = append(
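Review bot: The comment explaining that certificate validation relies on IP SANs is removed in the `@@ -202` hunk of artifacts_test.go, yet the constraint appears to remain. The Pages process is still given `SSL_CERT_FILE=certFile` as its trust source and, through `withPublicServer`, is presumably pointed at the stub by its listener address. A short comment next to `withStubOptions(gitlabstub.WithCertificate(cert))`, for example `// the stub is addressed by IP, so the fixture certificate must carry a matching IP SAN`, would keep that reasoning with the test. The fixture's contents are not visible here, so confirm the SAN claim before wording it as fact.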
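Review bot: Whether the stub serves TLS now depends on each caller inspecting `source.TLS` and choosing `StartTLS()`, as the `@@ -247` hunk of helpers_test.go does; a caller that calls `Start()` on a server built with `WithCertificate` gets plain HTTP with no error. The same branch is repeated in `test/gitlabstub/cmd/server/main.go`, and `NewUnstartedServer` in `test/gitlabstub/server.go` only assigns `s.TLS`, so the rule lives in two call sites and in no comment. A small start helper in `gitlabstub`, or a doc comment on `NewUnstartedServer` stating the rule, would keep them in step. At minimum add `// a non-nil TLS config means a certificate was supplied, so serve HTTPS` above the `if`. RunPagesProcess starts and ends outside this hunk.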
@@ -257,6 +262,10 @@ func RunPagesProcess(t *testing.T, opts ...processOption) *LogCaptureBuffer {
 "-api-secret-key", gitLabAPISecretKey,
 )
+ if processCfg.publicServer {
+ processCfg.extraArgs = append(processCfg.extraArgs, "-gitlab-server", source.URL)
+ }
+
 logBuf, cleanup := runPagesProcess(t, processCfg.wait, processCfg.pagesBinary, processCfg.listeners, "", processCfg.envs, processCfg.extraArgs...)
 t.Cleanup(func() {
diff --git a/test/acceptance/stub_test.go b/test/acceptance/stub_test.go
index 3d54b4d4..e65a86cc 100644
--- a/test/acceptance/stub_test.go
+++ b/test/acceptance/stub_test.go
@@ -27,6 +27,7 @@ type processConfig struct {
 envs []string
 extraArgs []string
 gitlabStubOpts []gitlabstub.Option
+ publicServer bool
 }
 type processOption func(*processConfig)
@@ -52,12 +53,17 @@ func withExtraArgument(key, value string) processOption {
 config.extraArgs = append(config.extraArgs, fmt.Sprintf("-%s=%s", key, value))
 }
 }
+
 func withArguments(args []string) processOption {
 return func(config *processConfig) {
 config.extraArgs = append(config.extraArgs, args...)
 }
 }
+func withPublicServer(config *processConfig) {
+ config.publicServer = true
+}
+
 func withStubOptions(opts ...gitlabstub.Option) processOption {
 return func(config *processConfig) {
 config.gitlabStubOpts = opts
diff --git a/test/gitlabstub/cmd/server/main.go b/test/gitlabstub/cmd/server/main.go
index 3e33daaa..9820b722 100644
--- a/test/gitlabstub/cmd/server/main.go
+++ b/test/gitlabstub/cmd/server/main.go
@@ -2,6 +2,7 @@ package main
 import (
 "context"
+ "crypto/tls"
 "errors"
 "flag"
 "log"
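Review bot: `withPublicServer` and the `publicServer` field in stub_test.go carry no comment, and the name does not say what the option changes. Judging by the `RunPagesProcess` hunk, its only effect is to append `-gitlab-server` with the stub's URL to the process arguments. A doc line such as `// withPublicServer also passes the stub's URL to the Pages process as -gitlab-server.` would make that visible where the option is defined. It is also a bare `func(*processConfig)`, while `withExtraArgument`, `withArguments` and `withStubOptions` in the same hunk are constructors returning `processOption`, so call sites mix `withPublicServer` with `withArguments(...)`; that compiles, but the comment should mention it is passed without a call.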
@@ -16,11 +17,25 @@ import (
 var (
 pagesRoot = flag.String("pages-root", "shared/pages", "The directory where pages are stored")
+ keyFile = flag.String("key-file", "", "Path to file certificate")
+ certFile = flag.String("cert-file", "", "Path to file certificate")
 )
 func main() {
 flag.Parse()
+ var opts []gitlabstub.Option
+
+ if *keyFile != "" && *certFile != "" {
+ log.Printf("Loading key pair: (%s) - (%s)", *certFile, *keyFile)
+ cert, err := tls.LoadX509KeyPair(*certFile, *keyFile)
+ if err != nil {
+ log.Fatalf("error loading certificate: %v", err)
+ }
+
+ opts = append(opts, gitlabstub.WithCertificate(cert))
+ }
+
 if err := os.Chdir(*pagesRoot); err != nil {
 log.Fatalf("error chdir in %s: %v", *pagesRoot, err)
 }
@@ -30,12 +45,18 @@ func main() {
 log.Fatalf("error getting current dir: %v", err)
 }
- server, err := gitlabstub.NewUnstartedServer(gitlabstub.WithPagesRoot(wd))
+ opts = append(opts, gitlabstub.WithPagesRoot(wd))
+
+ server, err := gitlabstub.NewUnstartedServer(opts...)
 if err != nil {
 log.Fatalf("error starting the server: %v", err)
 }
- server.Start()
+ if server.TLS != nil {
+ server.StartTLS()
+ } else {
+ server.Start()
+ }
 log.Printf("listening on %s\n", server.URL)
diff --git a/test/gitlabstub/option.go b/test/gitlabstub/option.go
index d55abec2..366aeb5d 100644
--- a/test/gitlabstub/option.go
+++ b/test/gitlabstub/option.go
@@ -1,6 +1,7 @@
 package gitlabstub
 import (
+ "crypto/tls"
 "net/http"
 "time"
 )
@@ -9,10 +10,17 @@ type config struct {
 pagesHandler http.HandlerFunc
 pagesRoot string
 delay time.Duration
+ tlsConfig *tls.Config
 }
 type Option func(*config)
+func defaultTLSConfig() *tls.Config {
+ return &tls.Config{
+ MinVersion: tls.VersionTLS12,
+ }
+}
+
 func WithPagesHandler(ph http.HandlerFunc) Option {
 return func(sc *config) {
 sc.pagesHandler = ph
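Review bot: Supplying only one of `-key-file` / `-cert-file` falls through the `&&` guard in the `@@ -16` hunk of main.go, and the stub then starts over plain HTTP without any message, so a mistyped or missing flag silently downgrades the server to cleartext. Reject the half-configured case before the guard, e.g. `if (*keyFile == "") != (*certFile == "") { log.Fatal("-key-file and -cert-file must be given together") }`. The help text for `key-file` also repeats "Path to file certificate"; `"Path to the private key file"` would match what `tls.LoadX509KeyPair` takes as its second argument. main's body continues outside the hunk.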
@@ -30,3 +38,12 @@ func WithDelay(delay time.Duration) Option {
 sc.delay = delay
 }
 }
+
+func WithCertificate(cert tls.Certificate) Option {
+ return func(c *config) {
+ if c.tlsConfig == nil {
+ c.tlsConfig = defaultTLSConfig()
+ }
+ c.tlsConfig.Certificates = append(c.tlsConfig.Certificates, cert)
+ }
+}
diff --git a/test/gitlabstub/server.go b/test/gitlabstub/server.go
index 5cf3dacf..74c75067 100644
--- a/test/gitlabstub/server.go
+++ b/test/gitlabstub/server.go
@@ -39,5 +39,8 @@ func NewUnstartedServer(opts ...Option) (*httptest.Server, error) {
 router.PathPrefix("/").HandlerFunc(handleAccessControlArtifactRequests)
- return httptest.NewUnstartedServer(router), nil
+ s := httptest.NewUnstartedServer(router)
+ s.TLS = conf.tlsConfig
+
+ return s, nil
 }
-- cgit v1.2.3
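Review bot: `WithCertificate` in option.go is exported without a doc comment, and two of its behaviours are easy to miss when reading a call site. The first call creates the TLS config from `defaultTLSConfig()` (minimum TLS 1.2), and every call appends to `Certificates` rather than replacing them. A comment such as `// WithCertificate adds cert to the stub's TLS configuration, creating it on first use; the returned server must then be started with StartTLS.` would state the contract in one place.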