mirror of https://github.com/status-im/consul.git
Add test for adding DNSSAN for ConnectCALeaf cache type
parent
d452769d92
commit
30792e933b
|
@ -1,6 +1,8 @@
|
||||||
package cachetype
|
package cachetype
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/x509"
|
||||||
|
"encoding/pem"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -966,6 +968,53 @@ func TestConnectCALeaf_expiringLeaf(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestConnectCALeaf_DNSSANForService(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
require := require.New(t)
|
||||||
|
rpc := TestRPC(t)
|
||||||
|
defer rpc.AssertExpectations(t)
|
||||||
|
|
||||||
|
typ, rootsCh := testCALeafType(t, rpc)
|
||||||
|
defer close(rootsCh)
|
||||||
|
|
||||||
|
caRoot := connect.TestCA(t, nil)
|
||||||
|
caRoot.Active = true
|
||||||
|
rootsCh <- structs.IndexedCARoots{
|
||||||
|
ActiveRootID: caRoot.ID,
|
||||||
|
TrustDomain: "fake-trust-domain.consul",
|
||||||
|
Roots: []*structs.CARoot{
|
||||||
|
caRoot,
|
||||||
|
},
|
||||||
|
QueryMeta: structs.QueryMeta{Index: 1},
|
||||||
|
}
|
||||||
|
|
||||||
|
// Instrument ConnectCA.Sign to
|
||||||
|
var caReq *structs.CASignRequest
|
||||||
|
rpc.On("RPC", "ConnectCA.Sign", mock.Anything, mock.Anything).Return(nil).
|
||||||
|
Run(func(args mock.Arguments) {
|
||||||
|
reply := args.Get(2).(*structs.IssuedCert)
|
||||||
|
leaf, _ := connect.TestLeaf(t, "web", caRoot)
|
||||||
|
reply.CertPEM = leaf
|
||||||
|
|
||||||
|
caReq = args.Get(1).(*structs.CASignRequest)
|
||||||
|
})
|
||||||
|
|
||||||
|
opts := cache.FetchOptions{MinIndex: 0, Timeout: 10 * time.Second}
|
||||||
|
req := &ConnectCALeafRequest{
|
||||||
|
Datacenter: "dc1",
|
||||||
|
Service: "web",
|
||||||
|
DNSSAN: []string{"test.example.com"},
|
||||||
|
}
|
||||||
|
_, err := typ.Fetch(opts, req)
|
||||||
|
require.NoError(err)
|
||||||
|
|
||||||
|
pemBlock, _ := pem.Decode([]byte(caReq.CSR))
|
||||||
|
csr, err := x509.ParseCertificateRequest(pemBlock.Bytes)
|
||||||
|
require.NoError(err)
|
||||||
|
require.Equal(csr.DNSNames, []string{"test.example.com"})
|
||||||
|
}
|
||||||
|
|
||||||
// testConnectCaRoot wraps ConnectCARoot to disable refresh so that the gated
|
// testConnectCaRoot wraps ConnectCARoot to disable refresh so that the gated
|
||||||
// channel controls the request directly. Otherwise, we get background refreshes and
|
// channel controls the request directly. Otherwise, we get background refreshes and
|
||||||
// it screws up the ordering of the channel reads of the testGatedRootsRPC
|
// it screws up the ordering of the channel reads of the testGatedRootsRPC
|
||||||
|
|
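Review bot: In TestConnectCALeaf_DNSSANForService the result of `pem.Decode([]byte(caReq.CSR))` is dereferenced without a check, so a Sign mock that never ran (nil `caReq`) or a CSR that is not valid PEM panics instead of failing the test cleanly; add `require.NotNil(caReq)` before the decode and `require.NotNil(pemBlock)` after it. The last assertion passes actual before expected, which testify reports the wrong way round on failure; `require.Equal([]string{"test.example.com"}, csr.DNSNames)` fixes that. The comment `// Instrument ConnectCA.Sign to` is cut off mid-sentence and could read `// Instrument ConnectCA.Sign to capture the CSR sent by the cache type`. Since the DNS SAN is supplied by the requester and lands in a certificate request, it may also be worth asserting that the service identity in the CSR is unchanged (for example that `csr.URIs` is still populated, if the identity is carried as a URI SAN), so the test would catch a DNS name displacing it.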