mirror of https://github.com/status-im/consul.git
Merge pull request #10004 from hashicorp/dnephin/go1.16
ci: test against Go1.16.3
This commit is contained in:
commit
3f05e3097f
|
@ -13,7 +13,7 @@ parameters:
|
||||||
|
|
||||||
references:
|
references:
|
||||||
images:
|
images:
|
||||||
go: &GOLANG_IMAGE docker.mirror.hashicorp.services/circleci/golang:1.15.6
|
go: &GOLANG_IMAGE docker.mirror.hashicorp.services/circleci/golang:1.16.3
|
||||||
ember: &EMBER_IMAGE docker.mirror.hashicorp.services/circleci/node:12-browsers
|
ember: &EMBER_IMAGE docker.mirror.hashicorp.services/circleci/node:12-browsers
|
||||||
|
|
||||||
paths:
|
paths:
|
||||||
|
|
|
@ -6,13 +6,15 @@ import (
|
||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/hashicorp/consul/sdk/testutil"
|
"github.com/google/go-cmp/cmp"
|
||||||
"github.com/hashicorp/consul/testrpc"
|
"github.com/google/go-cmp/cmp/cmpopts"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
"github.com/hashicorp/consul/agent"
|
"github.com/hashicorp/consul/agent"
|
||||||
"github.com/hashicorp/consul/agent/connect"
|
"github.com/hashicorp/consul/agent/connect"
|
||||||
"github.com/hashicorp/consul/api"
|
"github.com/hashicorp/consul/api"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/hashicorp/consul/sdk/testutil"
|
||||||
|
"github.com/hashicorp/consul/testrpc"
|
||||||
)
|
)
|
||||||
|
|
||||||
func Test_verifyServerCertMatchesURI(t *testing.T) {
|
func Test_verifyServerCertMatchesURI(t *testing.T) {
|
||||||
|
@ -266,7 +268,7 @@ func TestServerSideVerifier(t *testing.T) {
|
||||||
func requireEqualTLSConfig(t *testing.T, expect, got *tls.Config) {
|
func requireEqualTLSConfig(t *testing.T, expect, got *tls.Config) {
|
||||||
require := require.New(t)
|
require := require.New(t)
|
||||||
require.Equal(expect.RootCAs, got.RootCAs)
|
require.Equal(expect.RootCAs, got.RootCAs)
|
||||||
require.Equal(expect.ClientCAs, got.ClientCAs)
|
assertDeepEqual(t, expect.ClientCAs, got.ClientCAs, cmpCertPool)
|
||||||
require.Equal(expect.InsecureSkipVerify, got.InsecureSkipVerify)
|
require.Equal(expect.InsecureSkipVerify, got.InsecureSkipVerify)
|
||||||
require.Equal(expect.MinVersion, got.MinVersion)
|
require.Equal(expect.MinVersion, got.MinVersion)
|
||||||
require.Equal(expect.CipherSuites, got.CipherSuites)
|
require.Equal(expect.CipherSuites, got.CipherSuites)
|
||||||
|
@ -293,6 +295,19 @@ func requireEqualTLSConfig(t *testing.T, expect, got *tls.Config) {
|
||||||
require.Equal(expectLeaf, gotLeaf)
|
require.Equal(expectLeaf, gotLeaf)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// lazyCerts has a func field which can't be compared.
|
||||||
|
var cmpCertPool = cmp.Options{
|
||||||
|
cmpopts.IgnoreFields(x509.CertPool{}, "lazyCerts"),
|
||||||
|
cmp.AllowUnexported(x509.CertPool{}),
|
||||||
|
}
|
||||||
|
|
||||||
|
func assertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) {
|
||||||
|
t.Helper()
|
||||||
|
if diff := cmp.Diff(x, y, opts...); diff != "" {
|
||||||
|
t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// requireCorrectVerifier invokes got.VerifyPeerCertificate and expects the
|
// requireCorrectVerifier invokes got.VerifyPeerCertificate and expects the
|
||||||
// tls.Config arg to be returned on the provided channel. This ensures the
|
// tls.Config arg to be returned on the provided channel. This ensures the
|
||||||
// correct verifier func was attached to got.
|
// correct verifier func was attached to got.
|
||||||
|
|
|
@ -62,20 +62,22 @@ func (s *TestSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestGenerateCA(t *testing.T) {
|
func TestGenerateCA(t *testing.T) {
|
||||||
t.Parallel()
|
t.Run("no signer", func(t *testing.T) {
|
||||||
ca, pk, err := GenerateCA(CAOpts{Signer: &TestSigner{}})
|
ca, pk, err := GenerateCA(CAOpts{Signer: &TestSigner{}})
|
||||||
require.Error(t, err)
|
require.Error(t, err)
|
||||||
require.Empty(t, ca)
|
require.Empty(t, ca)
|
||||||
require.Empty(t, pk)
|
require.Empty(t, pk)
|
||||||
|
})
|
||||||
|
|
||||||
// test what happens with wrong key
|
t.Run("wrong key", func(t *testing.T) {
|
||||||
ca, pk, err = GenerateCA(CAOpts{Signer: &TestSigner{public: &rsa.PublicKey{}}})
|
ca, pk, err := GenerateCA(CAOpts{Signer: &TestSigner{public: &rsa.PublicKey{}}})
|
||||||
require.Error(t, err)
|
require.Error(t, err)
|
||||||
require.Empty(t, ca)
|
require.Empty(t, ca)
|
||||||
require.Empty(t, pk)
|
require.Empty(t, pk)
|
||||||
|
})
|
||||||
|
|
||||||
// test what happens with correct key
|
t.Run("valid key", func(t *testing.T) {
|
||||||
ca, pk, err = GenerateCA(CAOpts{})
|
ca, pk, err := GenerateCA(CAOpts{})
|
||||||
require.Nil(t, err)
|
require.Nil(t, err)
|
||||||
require.NotEmpty(t, ca)
|
require.NotEmpty(t, ca)
|
||||||
require.NotEmpty(t, pk)
|
require.NotEmpty(t, pk)
|
||||||
|
@ -90,15 +92,15 @@ func TestGenerateCA(t *testing.T) {
|
||||||
require.WithinDuration(t, cert.NotAfter, time.Now().AddDate(0, 0, 365), time.Minute)
|
require.WithinDuration(t, cert.NotAfter, time.Now().AddDate(0, 0, 365), time.Minute)
|
||||||
|
|
||||||
require.Equal(t, x509.KeyUsageCertSign|x509.KeyUsageCRLSign|x509.KeyUsageDigitalSignature, cert.KeyUsage)
|
require.Equal(t, x509.KeyUsageCertSign|x509.KeyUsageCRLSign|x509.KeyUsageDigitalSignature, cert.KeyUsage)
|
||||||
|
})
|
||||||
|
|
||||||
// Test what happens with a correct RSA Key
|
t.Run("RSA key", func(t *testing.T) {
|
||||||
s, err := rsa.GenerateKey(rand.Reader, 2048)
|
ca, pk, err := GenerateCA(CAOpts{})
|
||||||
require.Nil(t, err)
|
|
||||||
ca, _, err = GenerateCA(CAOpts{Signer: &TestSigner{public: s.Public()}})
|
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.NotEmpty(t, ca)
|
require.NotEmpty(t, ca)
|
||||||
|
require.NotEmpty(t, pk)
|
||||||
|
|
||||||
cert, err = parseCert(ca)
|
cert, err := parseCert(ca)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.True(t, strings.HasPrefix(cert.Subject.CommonName, "Consul Agent CA"))
|
require.True(t, strings.HasPrefix(cert.Subject.CommonName, "Consul Agent CA"))
|
||||||
require.Equal(t, true, cert.IsCA)
|
require.Equal(t, true, cert.IsCA)
|
||||||
|
@ -108,6 +110,7 @@ func TestGenerateCA(t *testing.T) {
|
||||||
require.WithinDuration(t, cert.NotAfter, time.Now().AddDate(0, 0, 365), time.Minute)
|
require.WithinDuration(t, cert.NotAfter, time.Now().AddDate(0, 0, 365), time.Minute)
|
||||||
|
|
||||||
require.Equal(t, x509.KeyUsageCertSign|x509.KeyUsageCRLSign|x509.KeyUsageDigitalSignature, cert.KeyUsage)
|
require.Equal(t, x509.KeyUsageCertSign|x509.KeyUsageCRLSign|x509.KeyUsageDigitalSignature, cert.KeyUsage)
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestGenerateCert(t *testing.T) {
|
func TestGenerateCert(t *testing.T) {
|
||||||
|
|
Loading…
Reference in New Issue