agent: CA root HTTP endpoints

This commit is contained in:
Mitchell Hashimoto 2018-03-21 10:20:35 -07:00
parent e40afd6a73
commit 571d9aa785
No known key found for this signature in database
GPG Key ID: 744E147AA52F5B0A
2 changed files with 67 additions and 5 deletions

View File

@ -16,6 +16,7 @@ import (
"github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/checks" "github.com/hashicorp/consul/agent/checks"
"github.com/hashicorp/consul/agent/config" "github.com/hashicorp/consul/agent/config"
"github.com/hashicorp/consul/agent/connect"
"github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/api" "github.com/hashicorp/consul/api"
"github.com/hashicorp/consul/logger" "github.com/hashicorp/consul/logger"
@ -2024,3 +2025,52 @@ func TestAgent_Token(t *testing.T) {
} }
}) })
} }
func TestAgentConnectCARoots_empty(t *testing.T) {
t.Parallel()
assert := assert.New(t)
a := NewTestAgent(t.Name(), "")
defer a.Shutdown()
req, _ := http.NewRequest("GET", "/v1/agent/connect/ca/roots", nil)
resp := httptest.NewRecorder()
obj, err := a.srv.AgentConnectCARoots(resp, req)
assert.Nil(err)
value := obj.(structs.IndexedCARoots)
assert.Equal(value.ActiveRootID, "")
assert.Len(value.Roots, 0)
}
func TestAgentConnectCARoots_list(t *testing.T) {
t.Parallel()
assert := assert.New(t)
a := NewTestAgent(t.Name(), "")
defer a.Shutdown()
// Set some CAs
var reply interface{}
ca1 := connect.TestCA(t, nil)
ca1.Active = false
ca2 := connect.TestCA(t, nil)
assert.Nil(a.RPC("Test.ConnectCASetRoots",
[]*structs.CARoot{ca1, ca2}, &reply))
// List
req, _ := http.NewRequest("GET", "/v1/agent/connect/ca/roots", nil)
resp := httptest.NewRecorder()
obj, err := a.srv.AgentConnectCARoots(resp, req)
assert.Nil(err)
value := obj.(structs.IndexedCARoots)
assert.Equal(value.ActiveRootID, ca2.ID)
assert.Len(value.Roots, 2)
// We should never have the secret information
for _, r := range value.Roots {
assert.Equal("", r.SigningCert)
assert.Equal("", r.SigningKey)
}
}

View File

@ -5,7 +5,7 @@ import (
"net/http/httptest" "net/http/httptest"
"testing" "testing"
"github.com/hashicorp/consul/agent/consul" "github.com/hashicorp/consul/agent/connect"
"github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
@ -34,15 +34,27 @@ func TestConnectCARoots_list(t *testing.T) {
a := NewTestAgent(t.Name(), "") a := NewTestAgent(t.Name(), "")
defer a.Shutdown() defer a.Shutdown()
state := consul.TestServerState(a.Agent.delegate.(*consul.Server)) // Set some CAs
t.Log(state.CARoots(nil)) var reply interface{}
ca1 := connect.TestCA(t, nil)
ca1.Active = false
ca2 := connect.TestCA(t, nil)
assert.Nil(a.RPC("Test.ConnectCASetRoots",
[]*structs.CARoot{ca1, ca2}, &reply))
// List
req, _ := http.NewRequest("GET", "/v1/connect/ca/roots", nil) req, _ := http.NewRequest("GET", "/v1/connect/ca/roots", nil)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
obj, err := a.srv.ConnectCARoots(resp, req) obj, err := a.srv.ConnectCARoots(resp, req)
assert.Nil(err) assert.Nil(err)
value := obj.(structs.IndexedCARoots) value := obj.(structs.IndexedCARoots)
assert.Equal(value.ActiveRootID, "") assert.Equal(value.ActiveRootID, ca2.ID)
assert.Len(value.Roots, 0) assert.Len(value.Roots, 2)
// We should never have the secret information
for _, r := range value.Roots {
assert.Equal("", r.SigningCert)
assert.Equal("", r.SigningKey)
}
} }