Merge pull request #10004 from hashicorp/dnephin/go1.16

ci: test against Go1.16.3
This commit is contained in:
Daniel Nephin 2021-04-16 13:05:14 -04:00 committed by GitHub
commit 3f05e3097f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 60 additions and 42 deletions

View File

@ -13,7 +13,7 @@ parameters:
references: references:
images: images:
go: &GOLANG_IMAGE docker.mirror.hashicorp.services/circleci/golang:1.15.6 go: &GOLANG_IMAGE docker.mirror.hashicorp.services/circleci/golang:1.16.3
ember: &EMBER_IMAGE docker.mirror.hashicorp.services/circleci/node:12-browsers ember: &EMBER_IMAGE docker.mirror.hashicorp.services/circleci/node:12-browsers
paths: paths:

View File

@ -6,13 +6,15 @@ import (
"encoding/pem" "encoding/pem"
"testing" "testing"
"github.com/hashicorp/consul/sdk/testutil" "github.com/google/go-cmp/cmp"
"github.com/hashicorp/consul/testrpc" "github.com/google/go-cmp/cmp/cmpopts"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/agent" "github.com/hashicorp/consul/agent"
"github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/connect"
"github.com/hashicorp/consul/api" "github.com/hashicorp/consul/api"
"github.com/stretchr/testify/require" "github.com/hashicorp/consul/sdk/testutil"
"github.com/hashicorp/consul/testrpc"
) )
func Test_verifyServerCertMatchesURI(t *testing.T) { func Test_verifyServerCertMatchesURI(t *testing.T) {
@ -266,7 +268,7 @@ func TestServerSideVerifier(t *testing.T) {
func requireEqualTLSConfig(t *testing.T, expect, got *tls.Config) { func requireEqualTLSConfig(t *testing.T, expect, got *tls.Config) {
require := require.New(t) require := require.New(t)
require.Equal(expect.RootCAs, got.RootCAs) require.Equal(expect.RootCAs, got.RootCAs)
require.Equal(expect.ClientCAs, got.ClientCAs) assertDeepEqual(t, expect.ClientCAs, got.ClientCAs, cmpCertPool)
require.Equal(expect.InsecureSkipVerify, got.InsecureSkipVerify) require.Equal(expect.InsecureSkipVerify, got.InsecureSkipVerify)
require.Equal(expect.MinVersion, got.MinVersion) require.Equal(expect.MinVersion, got.MinVersion)
require.Equal(expect.CipherSuites, got.CipherSuites) require.Equal(expect.CipherSuites, got.CipherSuites)
@ -293,6 +295,19 @@ func requireEqualTLSConfig(t *testing.T, expect, got *tls.Config) {
require.Equal(expectLeaf, gotLeaf) require.Equal(expectLeaf, gotLeaf)
} }
// lazyCerts has a func field which can't be compared.
var cmpCertPool = cmp.Options{
cmpopts.IgnoreFields(x509.CertPool{}, "lazyCerts"),
cmp.AllowUnexported(x509.CertPool{}),
}
func assertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) {
t.Helper()
if diff := cmp.Diff(x, y, opts...); diff != "" {
t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff)
}
}
// requireCorrectVerifier invokes got.VerifyPeerCertificate and expects the // requireCorrectVerifier invokes got.VerifyPeerCertificate and expects the
// tls.Config arg to be returned on the provided channel. This ensures the // tls.Config arg to be returned on the provided channel. This ensures the
// correct verifier func was attached to got. // correct verifier func was attached to got.

View File

@ -62,52 +62,55 @@ func (s *TestSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts)
} }
func TestGenerateCA(t *testing.T) { func TestGenerateCA(t *testing.T) {
t.Parallel() t.Run("no signer", func(t *testing.T) {
ca, pk, err := GenerateCA(CAOpts{Signer: &TestSigner{}}) ca, pk, err := GenerateCA(CAOpts{Signer: &TestSigner{}})
require.Error(t, err) require.Error(t, err)
require.Empty(t, ca) require.Empty(t, ca)
require.Empty(t, pk) require.Empty(t, pk)
})
// test what happens with wrong key t.Run("wrong key", func(t *testing.T) {
ca, pk, err = GenerateCA(CAOpts{Signer: &TestSigner{public: &rsa.PublicKey{}}}) ca, pk, err := GenerateCA(CAOpts{Signer: &TestSigner{public: &rsa.PublicKey{}}})
require.Error(t, err) require.Error(t, err)
require.Empty(t, ca) require.Empty(t, ca)
require.Empty(t, pk) require.Empty(t, pk)
})
// test what happens with correct key t.Run("valid key", func(t *testing.T) {
ca, pk, err = GenerateCA(CAOpts{}) ca, pk, err := GenerateCA(CAOpts{})
require.Nil(t, err) require.Nil(t, err)
require.NotEmpty(t, ca) require.NotEmpty(t, ca)
require.NotEmpty(t, pk) require.NotEmpty(t, pk)
cert, err := parseCert(ca) cert, err := parseCert(ca)
require.Nil(t, err) require.Nil(t, err)
require.True(t, strings.HasPrefix(cert.Subject.CommonName, "Consul Agent CA")) require.True(t, strings.HasPrefix(cert.Subject.CommonName, "Consul Agent CA"))
require.Equal(t, true, cert.IsCA) require.Equal(t, true, cert.IsCA)
require.Equal(t, true, cert.BasicConstraintsValid) require.Equal(t, true, cert.BasicConstraintsValid)
require.WithinDuration(t, cert.NotBefore, time.Now(), time.Minute) require.WithinDuration(t, cert.NotBefore, time.Now(), time.Minute)
require.WithinDuration(t, cert.NotAfter, time.Now().AddDate(0, 0, 365), time.Minute) require.WithinDuration(t, cert.NotAfter, time.Now().AddDate(0, 0, 365), time.Minute)
require.Equal(t, x509.KeyUsageCertSign|x509.KeyUsageCRLSign|x509.KeyUsageDigitalSignature, cert.KeyUsage) require.Equal(t, x509.KeyUsageCertSign|x509.KeyUsageCRLSign|x509.KeyUsageDigitalSignature, cert.KeyUsage)
})
// Test what happens with a correct RSA Key t.Run("RSA key", func(t *testing.T) {
s, err := rsa.GenerateKey(rand.Reader, 2048) ca, pk, err := GenerateCA(CAOpts{})
require.Nil(t, err) require.NoError(t, err)
ca, _, err = GenerateCA(CAOpts{Signer: &TestSigner{public: s.Public()}}) require.NotEmpty(t, ca)
require.NoError(t, err) require.NotEmpty(t, pk)
require.NotEmpty(t, ca)
cert, err = parseCert(ca) cert, err := parseCert(ca)
require.NoError(t, err) require.NoError(t, err)
require.True(t, strings.HasPrefix(cert.Subject.CommonName, "Consul Agent CA")) require.True(t, strings.HasPrefix(cert.Subject.CommonName, "Consul Agent CA"))
require.Equal(t, true, cert.IsCA) require.Equal(t, true, cert.IsCA)
require.Equal(t, true, cert.BasicConstraintsValid) require.Equal(t, true, cert.BasicConstraintsValid)
require.WithinDuration(t, cert.NotBefore, time.Now(), time.Minute) require.WithinDuration(t, cert.NotBefore, time.Now(), time.Minute)
require.WithinDuration(t, cert.NotAfter, time.Now().AddDate(0, 0, 365), time.Minute) require.WithinDuration(t, cert.NotAfter, time.Now().AddDate(0, 0, 365), time.Minute)
require.Equal(t, x509.KeyUsageCertSign|x509.KeyUsageCRLSign|x509.KeyUsageDigitalSignature, cert.KeyUsage) require.Equal(t, x509.KeyUsageCertSign|x509.KeyUsageCRLSign|x509.KeyUsageDigitalSignature, cert.KeyUsage)
})
} }
func TestGenerateCert(t *testing.T) { func TestGenerateCert(t *testing.T) {