Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added testing of GRPC with TLS combinations
This ensures that #9474 will not reproduce.
- Loading branch information
1 parent
e2f2d4b
commit 994fe80
Showing
1 changed file
with
107 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,107 @@ | ||
| package agent | ||
|
|
||
| import ( | ||
| "net/http" | ||
| "net/http/httptest" | ||
| "testing" | ||
|
|
||
| "github.com/stretchr/testify/require" | ||
|
|
||
| "github.com/hashicorp/consul/sdk/testutil" | ||
| "github.com/hashicorp/consul/testrpc" | ||
| ) | ||
|
|
||
| func testGRPCStreamingWorking(t *testing.T, config string) { | ||
| if testing.Short() { | ||
| t.Skip("too slow for testing.Short") | ||
| } | ||
|
|
||
| a := NewTestAgent(t, config) | ||
| defer a.Shutdown() | ||
|
|
||
| testrpc.WaitForLeader(t, a.RPC, "dc1") | ||
|
|
||
| req, _ := http.NewRequest("GET", "/v1/health/service/consul?index=3", nil) | ||
| resp := httptest.NewRecorder() | ||
| _, err := a.srv.HealthServiceNodes(resp, req) | ||
| if err != nil { | ||
| t.Fatalf("err: %v", err) | ||
| } | ||
|
|
||
| assertIndex(t, resp) | ||
| require.NotEmpty(t, resp.Header().Get("X-Consul-Index")) | ||
| } | ||
|
|
||
| func TestGRPCWithTLSConfigs(t *testing.T) { | ||
| t.Parallel() | ||
| testCases := []struct { | ||
| name string | ||
| config string | ||
| }{ | ||
| { | ||
| name: "no-tls", | ||
| config: "", | ||
| }, | ||
| { | ||
| name: "tls-all-enabled", | ||
| config: ` | ||
| # tls | ||
| ca_file = "../test/hostname/CertAuth.crt" | ||
| cert_file = "../test/hostname/Bob.crt" | ||
| key_file = "../test/hostname/Bob.key" | ||
| verify_incoming = true | ||
| verify_outgoing = true | ||
| verify_server_hostname = true | ||
| `, | ||
| }, | ||
| { | ||
| name: "tls ready no verify incoming", | ||
| config: ` | ||
| # tls | ||
| ca_file = "../test/hostname/CertAuth.crt" | ||
| cert_file = "../test/hostname/Bob.crt" | ||
| key_file = "../test/hostname/Bob.key" | ||
| verify_incoming = false | ||
| verify_outgoing = true | ||
| verify_server_hostname = false | ||
| `, | ||
| }, | ||
| { | ||
| name: "tls ready no verify outgoing and incoming", | ||
| config: ` | ||
| # tls | ||
| ca_file = "../test/hostname/CertAuth.crt" | ||
| cert_file = "../test/hostname/Bob.crt" | ||
| key_file = "../test/hostname/Bob.key" | ||
| verify_incoming = false | ||
| verify_outgoing = false | ||
| verify_server_hostname = false | ||
| `, | ||
| }, | ||
| { | ||
| name: "tls ready, all defaults", | ||
| config: ` | ||
| # tls | ||
| ca_file = "../test/hostname/CertAuth.crt" | ||
| cert_file = "../test/hostname/Bob.crt" | ||
| key_file = "../test/hostname/Bob.key" | ||
| `, | ||
| }, | ||
| } | ||
| for _, tt := range testCases { | ||
| t.Run(tt.name, func(t *testing.T) { | ||
| dataDir := testutil.TempDir(t, "agent") // we manage the data dir | ||
| cfg := `data_dir = "` + dataDir + `" | ||
| domain = "consul" | ||
| node_name = "my-fancy-server" | ||
| datacenter = "dc1" | ||
| primary_datacenter = "dc1" | ||
| rpc { | ||
| enable_streaming = true | ||
| } | ||
| use_streaming_backend = true | ||
| ` + tt.config | ||
| testGRPCStreamingWorking(t, cfg) | ||
| }) | ||
| } | ||
| } |