

enable running tests against https broker via option
currently the broker.client is not embedding http client. It never
needed to because the broker was written as a CF app and therefore
never had to consider handling self signed certs. But since we are
changing towards supporting VM based deployment, we need to think
about how our test client will handle self signed certs. This seems
to be the path of least resistance, by embedding an http client in
the broker client struct, we can rely on setting the embedded clients
transport config to allow for "insecure" connections.
nouseforaname committed Sep 5, 2024
1 parent 25d14ba commit 172bcab
Showing 5 changed files with 49 additions and 33 deletions.
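--- a/integrationtest/import_state_test.go
+++ b/integrationtest/import_state_test.go
@@ -63,7 +63,7 @@ var _ = Describe("Import State", func() {
 By("importing state into the vacant service instance")
 req := must(http.NewRequest(http.MethodPatch, fmt.Sprintf("http://localhost:%d/import_state/%s", broker.Port, instance.GUID), bytes.NewReader(stateToImport)))
 req.SetBasicAuth(broker.Username, broker.Password)
-importResponse := must(http.DefaultClient.Do(req))
+importResponse := must(broker.Client.Do(req))
 Expect(importResponse).To(HaveHTTPStatus(http.StatusOK))
 
 By("checking that the state was imported into the database")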
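--- a/integrationtest/maintenance_info_test.go
+++ b/integrationtest/maintenance_info_test.go
@@ -33,6 +33,7 @@ var _ = Describe("Maintenance Info", func() {
 broker = must(testdrive.StartBroker(
 csb, brokerpak, database,
 testdrive.WithOutputs(GinkgoWriter, GinkgoWriter),
+testdrive.WithTLSConfig(),
 testdrive.WithEnv("TERRAFORM_UPGRADES_ENABLED=true"),
 ))
 })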
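--- a/integrationtest/server_test.go
+++ b/integrationtest/server_test.go
@@ -28,19 +28,17 @@ var _ = Describe("Starting Server", func() {
 When("TLS data is provided", func() {
 When("Valid data exists", func() {
 It("Should accept HTTPS requests", func() {
-isValid := true
-broker, err := testdrive.StartBroker(csb, brokerpak, database, testdrive.WithTLSConfig(isValid), testdrive.WithEnv(fmt.Sprintf("GSB_SERVICE_ALPHA_SERVICE_PLANS=%s", userProvidedPlan)), testdrive.WithOutputs(GinkgoWriter, GinkgoWriter))
+broker, err := testdrive.StartBroker(csb, brokerpak, database, testdrive.WithTLSConfig(), testdrive.WithEnv(fmt.Sprintf("GSB_SERVICE_ALPHA_SERVICE_PLANS=%s", userProvidedPlan)), testdrive.WithOutputs(GinkgoWriter, GinkgoWriter))
 Expect(err).NotTo(HaveOccurred())
 
-_, err = http.Get(fmt.Sprintf("https://localhost:%d", broker.Port))
+_, err = broker.Client.Get(fmt.Sprintf("https://localhost:%d", broker.Port))
 Expect(err).NotTo(HaveOccurred())
 })
 })
 
 When("Invalid data exists", func() {
 It("Should fail to start", func() {
-notValid := false
-_, err := testdrive.StartBroker(csb, brokerpak, database, testdrive.WithTLSConfig(notValid), testdrive.WithEnv(fmt.Sprintf("GSB_SERVICE_ALPHA_SERVICE_PLANS=%s", userProvidedPlan)), testdrive.WithOutputs(GinkgoWriter, GinkgoWriter))
+_, err := testdrive.StartBroker(csb, brokerpak, database, testdrive.WithInvalidTLSConfig(), testdrive.WithEnv(fmt.Sprintf("GSB_SERVICE_ALPHA_SERVICE_PLANS=%s", userProvidedPlan)), testdrive.WithOutputs(GinkgoWriter, GinkgoWriter))
 Expect(err).To(HaveOccurred())
 })
 })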
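Review bot: The HTTPS check at `_, err = broker.Client.Get(...)` discards the response, so its body is never closed and nothing beyond "no transport error" is asserted; with the test client now skipping certificate verification this proves only that the broker speaks TLS, not that it answers. Capturing the response and checking it, `resp, err := broker.Client.Get(fmt.Sprintf("https://localhost:%d", broker.Port))`, `Expect(err).NotTo(HaveOccurred())`, `Expect(resp).To(HaveHTTPStatus(http.StatusOK))` with a deferred `resp.Body.Close()`, would make the test meaningful and release the connection. The enclosing Describe block starts and ends outside the hunk.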
68 changes: 42 additions & 26 deletions internal/testdrive/broker_start.go
Expand Up @@ -95,16 +95,22 @@ func StartBroker(csbPath, bpk, db string, opts ...StartBrokerOption) (*Broker, e
start := time.Now()

scheme := "http"
for {
for _, envVar := range cmd.Env {
if strings.HasPrefix(envVar, "TLS_") {
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
scheme = "https"
break

for _, envVar := range cmd.Env {
if strings.HasPrefix(envVar, "TLS_") {

ignoreSelfSignedCerts := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
broker.Client.BaseURL.Scheme = "https"
broker.Client.Transport = ignoreSelfSignedCerts
scheme = "https"
break
}
}

response, err := http.Head(fmt.Sprintf("%s://localhost:%d", scheme, port))
for {
response, err := broker.Client.Head(fmt.Sprintf("%s://localhost:%d", scheme, port))
switch {
case err == nil && response.StatusCode == http.StatusOK:
return &broker, nil
Expand Down Expand Up @@ -176,33 +182,43 @@ func encodeKeyPair(caBytes, caPrivKeyBytes []byte) ([]byte, []byte) {
return caPEM, caPrivKeyPEM
}

func WithTLSConfig(isValid bool) StartBrokerOption {
func WithInvalidTLSConfig() StartBrokerOption {
return func(cfg *startBrokerConfig) {
ca, caPrivKey := createCAKeyPair("US")

serverCert, serverPrivKey := createKeyPairSignedByCA(ca, caPrivKey)
tlsConfig(cfg, false)
}
}

certFileBuf, err := os.CreateTemp("", "")
Expect(err).NotTo(HaveOccurred())
defer certFileBuf.Close()
func WithTLSConfig() StartBrokerOption {
return func(cfg *startBrokerConfig) {
tlsConfig(cfg, true)
}
}

privKeyFileBuf, err := os.CreateTemp("", "")
Expect(err).NotTo(HaveOccurred())
defer privKeyFileBuf.Close()
func tlsConfig(cfg *startBrokerConfig, valid bool) {
ca, caPrivKey := createCAKeyPair("US")

if !isValid {
// If the isValid parameter is false, the server private key is intentionally corrupted
// by modifying one of its bytes.
serverPrivKey[10] = 'a'
}
serverCert, serverPrivKey := createKeyPairSignedByCA(ca, caPrivKey)

Expect(os.WriteFile(privKeyFileBuf.Name(), serverPrivKey, 0o644)).To(Succeed())
certFileBuf, err := os.CreateTemp("", "")
Expect(err).NotTo(HaveOccurred())
defer certFileBuf.Close()

Expect(os.WriteFile(certFileBuf.Name(), serverCert, 0o644)).To(Succeed())
privKeyFileBuf, err := os.CreateTemp("", "")
Expect(err).NotTo(HaveOccurred())
defer privKeyFileBuf.Close()

cfg.env = append(cfg.env, fmt.Sprintf("TLS_CERT_CHAIN=%s", certFileBuf.Name()))
cfg.env = append(cfg.env, fmt.Sprintf("TLS_PRIVATE_KEY=%s", privKeyFileBuf.Name()))
if !valid {
// If the isValid parameter is false, the server private key is intentionally corrupted
// by modifying one of its bytes.
serverPrivKey[10] = 'a'
}

Expect(os.WriteFile(privKeyFileBuf.Name(), serverPrivKey, 0o644)).To(Succeed())

Expect(os.WriteFile(certFileBuf.Name(), serverCert, 0o644)).To(Succeed())

cfg.env = append(cfg.env, fmt.Sprintf("TLS_CERT_CHAIN=%s", certFileBuf.Name()))
cfg.env = append(cfg.env, fmt.Sprintf("TLS_PRIVATE_KEY=%s", privKeyFileBuf.Name()))
}

func WithEnv(extraEnv ...string) StartBrokerOption {
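Review bot: In the first hunk the new `ignoreSelfSignedCerts` transport is built from a bare `http.Transport{TLSClientConfig: ...}`, so the test client loses every default that `http.DefaultTransport` carries (proxy from environment, dial and TLS-handshake timeouts, idle-connection limits); cloning keeps them: `tr := http.DefaultTransport.(*http.Transport).Clone()` followed by `tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}`. Since `tlsConfig` in the second hunk already generates the CA that signs the server certificate, a stronger option is to carry that CA's PEM on `startBrokerConfig` and set `RootCAs` on the client's `tls.Config` instead of disabling verification, which would also let these tests catch a broker serving the wrong chain. The scheme switch is keyed on any `TLS_`-prefixed variable, so a comment such as `// any TLS_* env var means the broker serves HTTPS; verification is relaxed only for this test client` would record the intent beside the `strings.HasPrefix` check. In the second hunk the comment above `serverPrivKey[10] = 'a'` still refers to the old `isValid` parameter and should name `valid`. StartBroker's body continues outside the first hunk.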
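--- a/pkg/client/client.go
+++ b/pkg/client/client.go
@@ -60,6 +60,7 @@ func New(username, password, hostname string, port int) (*Client, error) {
 }
 
 type Client struct {
+http.Client
 BaseURL *url.URL
 }
 
@@ -135,7 +136,7 @@ func (client *Client) makeRequest(method, path, requestID string, body any) *Bro
 return &br
 }
 
-resp, err := http.DefaultClient.Do(req)
+resp, err := client.Do(req)
 
 br.UpdateResponse(resp)
 br.UpdateError(err)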
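Review bot: The exported `Client` type gains an embedded `http.Client` with no doc comment, and embedding promotes the whole `http.Client` surface (`Do`, `Get`, `Post`, `Transport`, `Jar`, `Timeout`) onto the broker client's public API, which is wider than the configurable transport the commit message asks for. A doc comment on the struct would at least record the contract, e.g. `// Client is the broker API client; the embedded http.Client is the one makeRequest issues requests through, so tests can adjust its Transport.` The embedded zero-value client has no `Timeout`, which matches the previous `http.DefaultClient` behaviour but leaves a request to a hung broker unbounded; `New`, whose body is outside the hunk, is the natural place to set one. If widening the API is unwanted, a named field such as `HTTP http.Client` keeps the same ergonomics for the tests (`broker.Client.HTTP.Do(req)`) without promoting the methods.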
