maintain: update CLI tests for new TLS config

The certificate is specified from opts instead of populating the cache.
infrahq · Jun 29, 2022 · 4dfd974 · 4dfd974
1 parent 13d9553
commit 4dfd974
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 26 deletions.
diff --git a/internal/cmd/list_test.go b/internal/cmd/list_test.go
@@ -34,14 +34,13 @@ func TestListCmd(t *testing.T) {
 			{User: "[email protected]", Resource: "moon", Role: "inhabitant"},
 		},
 	}
-	opts.Addr = server.ListenerOptions{HTTPS: "127.0.0.1:0", HTTP: "127.0.0.1:0"}
+	setupServerTLSOptions(t, &opts)
 	srv, err := server.New(opts)
 	assert.NilError(t, err)
 
 	ctx, cancel := context.WithCancel(context.Background())
 	t.Cleanup(cancel)
 
-	setupCertManager(t, opts.TLSCache, srv.Addrs.HTTPS.String())
 	go func() {
 		assert.Check(t, srv.Run(ctx))
 	}()

diff --git a/internal/cmd/login_test.go b/internal/cmd/login_test.go
@@ -3,7 +3,6 @@ package cmd
 import (
 	"context"
 	"encoding/pem"
-	"net"
 	"os"
 	"path/filepath"
 	"testing"
@@ -15,7 +14,6 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/hinshun/vt10x"
-	"golang.org/x/crypto/acme/autocert"
 	"golang.org/x/sync/errgroup"
 	"gotest.tools/v3/assert"
 	"gotest.tools/v3/assert/opt"
@@ -24,6 +22,7 @@ import (
 
 	"github.com/infrahq/infra/api"
 	"github.com/infrahq/infra/internal/certs"
+	"github.com/infrahq/infra/internal/cmd/types"
 	"github.com/infrahq/infra/internal/race"
 	"github.com/infrahq/infra/internal/server"
 	"github.com/infrahq/infra/uid"
@@ -35,18 +34,14 @@ func TestLoginCmd_SetupAdminOnFirstLogin(t *testing.T) {
 	dir := setupEnv(t)
 
 	opts := defaultServerOptions(dir)
-	opts.Addr = server.ListenerOptions{HTTPS: "127.0.0.1:0", HTTP: "127.0.0.1:0"}
+	setupServerTLSOptions(t, &opts)
 
 	srv, err := server.New(opts)
 	assert.NilError(t, err)
 
 	ctx, cancel := context.WithCancel(context.Background())
 	t.Cleanup(cancel)
 
-	host, _, err := net.SplitHostPort(srv.Addrs.HTTPS.String())
-	assert.NilError(t, err)
-
-	setupCertManager(t, opts.TLSCache, host)
 	go func() {
 		assert.Check(t, srv.Run(ctx))
 	}()
@@ -133,7 +128,7 @@ func TestLoginCmd_Options(t *testing.T) {
 	dir := setupEnv(t)
 
 	opts := defaultServerOptions(dir)
-	opts.Addr = server.ListenerOptions{HTTPS: "127.0.0.1:0", HTTP: "127.0.0.1:0"}
+	setupServerTLSOptions(t, &opts)
 	adminAccessKey := "aaaaaaaaaa.bbbbbbbbbbbbbbbbbbbbbbbb"
 	opts.Config.Users = []server.User{
 		{
@@ -147,7 +142,6 @@ func TestLoginCmd_Options(t *testing.T) {
 	ctx, cancel := context.WithCancel(context.Background())
 	t.Cleanup(cancel)
 
-	setupCertManager(t, opts.TLSCache, srv.Addrs.HTTPS.String())
 	go func() {
 		assert.Check(t, srv.Run(ctx))
 	}()
@@ -286,23 +280,18 @@ func setupEnv(t *testing.T) string {
 	return dir
 }
 
-// setupCertManager copies the static TLS cert and key into the cache that will
-// be used by the server. This allows the server to skip generating a private key
-// for both the CA and server certificate, which takes multiple seconds.
-func setupCertManager(t *testing.T, dir string, serverName string) {
+func setupServerTLSOptions(t *testing.T, opts *server.Options) {
 	t.Helper()
-	ctx := context.Background()
-	cache := autocert.DirCache(dir)
+
+	opts.Addr = server.ListenerOptions{HTTPS: "127.0.0.1:0", HTTP: "127.0.0.1:0"}
 
 	key, err := os.ReadFile("testdata/pki/localhost.key")
 	assert.NilError(t, err)
-	err = cache.Put(ctx, serverName+".key", key)
-	assert.NilError(t, err)
+	opts.TLS.PrivateKey = string(key)
 
 	cert, err := os.ReadFile("testdata/pki/localhost.crt")
 	assert.NilError(t, err)
-	err = cache.Put(ctx, serverName+".crt", cert)
-	assert.NilError(t, err)
+	opts.TLS.Certificate = types.StringOrFile(cert)
 }
 
 func TestLoginCmd_TLSVerify(t *testing.T) {
@@ -314,21 +303,17 @@ func TestLoginCmd_TLSVerify(t *testing.T) {
 	t.Setenv("KUBECONFIG", kubeConfigPath)
 
 	opts := defaultServerOptions(dir)
+	setupServerTLSOptions(t, &opts)
 	accessKey := "0000000001.adminadminadminadmin1234"
 	opts.Users = []server.User{
 		{Name: "[email protected]", AccessKey: accessKey},
 	}
-	opts.Addr = server.ListenerOptions{HTTPS: "127.0.0.1:0", HTTP: "127.0.0.1:0"}
 	srv, err := server.New(opts)
 	assert.NilError(t, err)
 
 	ctx, cancel := context.WithCancel(context.Background())
 	t.Cleanup(cancel)
 
-	host, _, err := net.SplitHostPort(srv.Addrs.HTTPS.String())
-	assert.NilError(t, err)
-
-	setupCertManager(t, opts.TLSCache, host)
 	go func() {
 		assert.Check(t, srv.Run(ctx))
 	}()

diff --git a/internal/cmd/server_test.go b/internal/cmd/server_test.go
@@ -321,6 +321,11 @@ func TestServerCmd_WithSecretsConfig(t *testing.T) {
         http: "127.0.0.1:0"
         https: "127.0.0.1:0"
         metrics: "127.0.0.1:0"
+
+      tls:
+        ca: some-ca
+        caPrivateKey: some-key
+
       secrets:
         - kind: env
           name: base64env

diff --git a/internal/server/tls_test.go b/internal/server/tls_test.go
@@ -64,6 +64,7 @@ func TestTLSConfigFromOptions(t *testing.T) {
 		srv := http.Server{Handler: noopHandler}
 
 		go func() {
+			// nolint:errorlint
 			if err := srv.Serve(l); err != http.ErrServerClosed {
 				t.Log(err)
 			}