Skip to content

Commit

Permalink
maintain: update CLI tests for new TLS config
Browse files Browse the repository at this point in the history
The certificate is specified from opts instead of populating the cache.
  • Loading branch information
dnephin committed Jun 27, 2022
1 parent e587dcd commit 871965b
Show file tree
Hide file tree
Showing 4 changed files with 17 additions and 19 deletions.
3 changes: 1 addition & 2 deletions internal/cmd/list_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,14 +34,13 @@ func TestListCmd(t *testing.T) {
{User: "[email protected]", Resource: "moon", Role: "inhabitant"},
},
}
opts.Addr = server.ListenerOptions{HTTPS: "127.0.0.1:0", HTTP: "127.0.0.1:0"}
setupServerTLSOptions(t, &opts)
srv, err := server.New(opts)
assert.NilError(t, err)

ctx, cancel := context.WithCancel(context.Background())
t.Cleanup(cancel)

setupCertManager(t, opts.TLSCache, srv.Addrs.HTTPS.String())
go func() {
assert.Check(t, srv.Run(ctx))
}()
Expand Down
26 changes: 9 additions & 17 deletions internal/cmd/login_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ import (
"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"
"github.com/hinshun/vt10x"
"golang.org/x/crypto/acme/autocert"
"golang.org/x/sync/errgroup"
"gotest.tools/v3/assert"
"gotest.tools/v3/assert/opt"
Expand All @@ -23,6 +22,7 @@ import (

"github.com/infrahq/infra/api"
"github.com/infrahq/infra/internal/certs"
"github.com/infrahq/infra/internal/cmd/types"
"github.com/infrahq/infra/internal/race"
"github.com/infrahq/infra/internal/server"
"github.com/infrahq/infra/uid"
Expand All @@ -34,15 +34,14 @@ func TestLoginCmd_SetupAdminOnFirstLogin(t *testing.T) {
dir := setupEnv(t)

opts := defaultServerOptions(dir)
opts.Addr = server.ListenerOptions{HTTPS: "127.0.0.1:0", HTTP: "127.0.0.1:0"}
setupServerTLSOptions(t, &opts)

srv, err := server.New(opts)
assert.NilError(t, err)

ctx, cancel := context.WithCancel(context.Background())
t.Cleanup(cancel)

setupCertManager(t, opts.TLSCache, srv.Addrs.HTTPS.String())
go func() {
assert.Check(t, srv.Run(ctx))
}()
Expand Down Expand Up @@ -129,7 +128,7 @@ func TestLoginCmd_Options(t *testing.T) {
dir := setupEnv(t)

opts := defaultServerOptions(dir)
opts.Addr = server.ListenerOptions{HTTPS: "127.0.0.1:0", HTTP: "127.0.0.1:0"}
setupServerTLSOptions(t, &opts)
adminAccessKey := "aaaaaaaaaa.bbbbbbbbbbbbbbbbbbbbbbbb"
opts.Config.Users = []server.User{
{
Expand All @@ -143,7 +142,6 @@ func TestLoginCmd_Options(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background())
t.Cleanup(cancel)

setupCertManager(t, opts.TLSCache, srv.Addrs.HTTPS.String())
go func() {
assert.Check(t, srv.Run(ctx))
}()
Expand Down Expand Up @@ -282,23 +280,18 @@ func setupEnv(t *testing.T) string {
return dir
}

// setupCertManager copies the static TLS cert and key into the cache that will
// be used by the server. This allows the server to skip generating a private key
// for both the CA and server certificate, which takes multiple seconds.
func setupCertManager(t *testing.T, dir string, serverName string) {
func setupServerTLSOptions(t *testing.T, opts *server.Options) {
t.Helper()
ctx := context.Background()
cache := autocert.DirCache(dir)

opts.Addr = server.ListenerOptions{HTTPS: "127.0.0.1:0", HTTP: "127.0.0.1:0"}

key, err := os.ReadFile("testdata/pki/localhost.key")
assert.NilError(t, err)
err = cache.Put(ctx, serverName+".key", key)
assert.NilError(t, err)
opts.TLS.PrivateKey = string(key)

cert, err := os.ReadFile("testdata/pki/localhost.crt")
assert.NilError(t, err)
err = cache.Put(ctx, serverName+".crt", cert)
assert.NilError(t, err)
opts.TLS.Certificate = types.StringOrFile(cert)
}

func TestLoginCmd_TLSVerify(t *testing.T) {
Expand All @@ -310,18 +303,17 @@ func TestLoginCmd_TLSVerify(t *testing.T) {
t.Setenv("KUBECONFIG", kubeConfigPath)

opts := defaultServerOptions(dir)
setupServerTLSOptions(t, &opts)
accessKey := "0000000001.adminadminadminadmin1234"
opts.Users = []server.User{
{Name: "[email protected]", AccessKey: accessKey},
}
opts.Addr = server.ListenerOptions{HTTPS: "127.0.0.1:0", HTTP: "127.0.0.1:0"}
srv, err := server.New(opts)
assert.NilError(t, err)

ctx, cancel := context.WithCancel(context.Background())
t.Cleanup(cancel)

setupCertManager(t, opts.TLSCache, srv.Addrs.HTTPS.String())
go func() {
assert.Check(t, srv.Run(ctx))
}()
Expand Down
5 changes: 5 additions & 0 deletions internal/cmd/server_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -321,6 +321,11 @@ func TestServerCmd_WithSecretsConfig(t *testing.T) {
http: "127.0.0.1:0"
https: "127.0.0.1:0"
metrics: "127.0.0.1:0"
tls:
ca: some-ca
caPrivateKey: some-key
secrets:
- kind: env
name: base64env
Expand Down
2 changes: 2 additions & 0 deletions internal/server/server_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,10 @@ import (
"go.uber.org/zap/zaptest"
"gotest.tools/v3/assert"
is "gotest.tools/v3/assert/cmp"
"gotest.tools/v3/golden"

"github.com/infrahq/infra/api"
"github.com/infrahq/infra/internal/cmd/types"
"github.com/infrahq/infra/internal/logging"
"github.com/infrahq/infra/internal/server/data"
)
Expand Down

0 comments on commit 871965b

Please sign in to comment.