status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

chore(test): Update bats version

This commit is contained in:
DanStough 2022-05-20 17:17:23 -04:00 committed by Dan Stough
parent 147fd96d97
commit 817449041d
6 changed files with 119 additions and 156 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
agent/structs/config_entry.go
View File

@ -207,13 +207,6 @@ func (e *ServiceConfigEntry) Validate() error {
if e.Endpoint.Port < 1 || e.Endpoint.Port > 65535 { if e.Endpoint.Port < 1 || e.Endpoint.Port > 65535 {
validationErr = multierror.Append(validationErr, fmt.Errorf("Invalid Port number %d", e.Endpoint.Port)) validationErr = multierror.Append(validationErr, fmt.Errorf("Invalid Port number %d", e.Endpoint.Port))
} }
// If either client cert config file was specified then the CA file, client cert, and key file must be specified
// Specifying only a CAFile is allowed for one-way TLS
if (e.Endpoint.CertFile != "" || e.Endpoint.KeyFile != "") &&
!(e.Endpoint.CAFile != "" && e.Endpoint.CertFile != "" && e.Endpoint.KeyFile != "") {
validationErr = multierror.Append(validationErr, errors.New("Endpoint must have a CertFile, CAFile, and KeyFile specified for TLS origination"))
}
} }
return validationErr return validationErr
@ -238,22 +231,6 @@ func validateEndpointAddress(address string) error {
return nil return nil
} }
func (e *ServiceConfigEntry) Warnings() []string {
if e == nil {
return nil
}
warnings := make([]string, 0)
if e.Endpoint != nil {
if (e.Endpoint.CAFile != "" || e.Endpoint.CertFile != "" || e.Endpoint.KeyFile != "") && e.Endpoint.SNI == "" {
warning := fmt.Sprintf("TLS is configured but SNI is not set for the endpoint. Enabling SNI is strongly recommended when using TLS.")
warnings = append(warnings, warning)
}
}
return warnings
}
func (e *ServiceConfigEntry) CanRead(authz acl.Authorizer) error { func (e *ServiceConfigEntry) CanRead(authz acl.Authorizer) error {
var authzContext acl.AuthorizerContext var authzContext acl.AuthorizerContext
e.FillAuthzContext(&authzContext) e.FillAuthzContext(&authzContext)
@ -321,21 +298,6 @@ type EndpointConfig struct {
// Port allowed within this endpoint // Port allowed within this endpoint
Port int `json:",omitempty"` Port int `json:",omitempty"`
// CAFile is the optional path to a CA certificate to use for TLS connections
// from the gateway to the linked service
CAFile string `json:",omitempty" alias:"ca_file"`
// CertFile is the optional path to a client certificate to use for TLS connections
// from the gateway to the linked service
CertFile string `json:",omitempty" alias:"cert_file"`
// KeyFile is the optional path to a private key to use for TLS connections
// from the gateway to the linked service
KeyFile string `json:",omitempty" alias:"key_file"`
// SNI is the optional name to specify during the TLS handshake with a linked service.
SNI string `json:",omitempty"`
} }
// ProxyConfigEntry is the top-level struct for global proxy configuration defaults. // ProxyConfigEntry is the top-level struct for global proxy configuration defaults.

88
agent/structs/config_entry_test.go
View File

@ -436,10 +436,6 @@ func TestDecodeConfigEntry(t *testing.T) {
endpoint { endpoint {
address = "1.2.3.4/24" address = "1.2.3.4/24"
port = 8080 port = 8080
ca_file = "ca.pem"
cert_file = "cert.pem"
key_file = "key.pem"
sni = "external.com"
} }
`, `,
camel: ` camel: `
@ -449,10 +445,6 @@ func TestDecodeConfigEntry(t *testing.T) {
Endpoint { Endpoint {
Address = "1.2.3.4/24" Address = "1.2.3.4/24"
Port = 8080 Port = 8080
CAFile = "ca.pem"
CertFile = "cert.pem"
KeyFile = "key.pem"
SNI = "external.com"
} }
`, `,
expect: &ServiceConfigEntry{ expect: &ServiceConfigEntry{
@ -462,10 +454,6 @@ func TestDecodeConfigEntry(t *testing.T) {
Endpoint: &EndpointConfig{ Endpoint: &EndpointConfig{
Address: "1.2.3.4/24", Address: "1.2.3.4/24",
Port: 8080, Port: 8080,
CAFile: "ca.pem",
CertFile: "cert.pem",
KeyFile: "key.pem",
SNI: "external.com",
}, },
}, },
}, },
@ -2511,82 +2499,6 @@ func TestServiceConfigEntry(t *testing.T) {
}, },
validateErr: "Invalid Port number", validateErr: "Invalid Port number",
}, },
"validate: not all TLS options provided-1": {
entry: &ServiceConfigEntry{
Kind: ServiceDefaults,
Name: "external",
Protocol: "tcp",
Endpoint: &EndpointConfig{
Address: "2001:db8::8a2e:370:7334/64",
Port: 443,
CertFile: "client.crt",
},
},
validateErr: "must have a CertFile, CAFile, and KeyFile",
},
"validate: not all TLS options provided-2": {
entry: &ServiceConfigEntry{
Kind: ServiceDefaults,
Name: "external",
Protocol: "tcp",
Endpoint: &EndpointConfig{
Address: "2001:db8::8a2e:370:7334/64",
Port: 443,
KeyFile: "tls.key",
},
},
validateErr: "must have a CertFile, CAFile, and KeyFile",
},
"validate: all TLS options provided": {
entry: &ServiceConfigEntry{
Kind: ServiceDefaults,
Name: "external",
Protocol: "tcp",
Endpoint: &EndpointConfig{
Address: "2001:db8::8a2e:370:7334/64",
Port: 443,
CAFile: "ca.crt",
CertFile: "client.crt",
KeyFile: "tls.key",
},
},
},
"validate: only providing ca file is allowed": {
entry: &ServiceConfigEntry{
Kind: ServiceDefaults,
Name: "external",
Protocol: "tcp",
Endpoint: &EndpointConfig{
Address: "2001:db8::8a2e:370:7334/64",
Port: 443,
CAFile: "ca.crt",
},
},
},
"validate: wildcard is allowed for hostname": {
entry: &ServiceConfigEntry{
Kind: ServiceDefaults,
Name: "external",
Protocol: "tcp",
Endpoint: &EndpointConfig{
Address: "*.external.com",
Port: 443,
CAFile: "ca.crt",
},
},
},
"validate: hostname": {
entry: &ServiceConfigEntry{
Kind: ServiceDefaults,
Name: "external",
Protocol: "tcp",
Endpoint: &EndpointConfig{
Address: "api.external.com",
Port: 443,
CAFile: "ca.crt",
},
},
},
"validate: invalid hostname 1": { "validate: invalid hostname 1": {
entry: &ServiceConfigEntry{ entry: &ServiceConfigEntry{
Kind: ServiceDefaults, Kind: ServiceDefaults,

15
api/config_entry.go
View File

@ -186,21 +186,6 @@ type EndpointConfig struct {
// Port allowed within this endpoint // Port allowed within this endpoint
Port int `json:",omitempty"` Port int `json:",omitempty"`
// CAFile is the optional path to a CA certificate to use for TLS connections
// from the gateway to the linked service
CAFile string `json:",omitempty" alias:"ca_file"`
// CertFile is the optional path to a client certificate to use for TLS connections
// from the gateway to the linked service
CertFile string `json:",omitempty" alias:"cert_file"`
// KeyFile is the optional path to a private key to use for TLS connections
// from the gateway to the linked service
KeyFile string `json:",omitempty" alias:"key_file"`
// SNI is the optional name to specify during the TLS handshake with a linked service.
SNI string `json:",omitempty"`
} }
type PassiveHealthCheck struct { type PassiveHealthCheck struct {

10
api/config_entry_test.go
View File

@ -532,11 +532,7 @@ func TestDecodeConfigEntry(t *testing.T) {
"Protocol": "http", "Protocol": "http",
"Endpoint": { "Endpoint": {
"Address": "1.2.3.4/24", "Address": "1.2.3.4/24",
"Port": 443, "Port": 443
"CAFile": "ca.pem",
"CertFile": "crt.pem",
"KeyFile": "key.pem",
"SNI": "external.com"
} }
} }
`, `,
@ -547,10 +543,6 @@ func TestDecodeConfigEntry(t *testing.T) {
Endpoint: &EndpointConfig{ Endpoint: &EndpointConfig{
Address: "1.2.3.4/24", Address: "1.2.3.4/24",
Port: 443, Port: 443,
CAFile: "ca.pem",
CertFile: "crt.pem",
KeyFile: "key.pem",
SNI: "external.com",
}, },
}, },
}, },

114
command/config/write/config_write_test.go
View File

@ -491,7 +491,7 @@ func TestParseConfigEntry(t *testing.T) {
}, },
}, },
{ {
name: "service-defaults: kitchen sink", name: "service-defaults: kitchen sink (upstreams edition)",
snake: ` snake: `
kind = "service-defaults" kind = "service-defaults"
name = "main" name = "main"
@ -792,6 +792,118 @@ func TestParseConfigEntry(t *testing.T) {
}, },
}, },
}, },
{
name: "service-defaults: kitchen sink (endpoint edition)",
snake: `
kind = "service-defaults"
name = "main"
meta {
"foo" = "bar"
"gir" = "zim"
}
protocol = "grpc"
mesh_gateway {
mode = "remote"
}
mode = "transparent"
transparent_proxy = {
outbound_listener_port = 10101
dialed_directly = true
}
endpoint = {
address = "10.0.0.0/16",
port = 443
}
`,
camel: `
Kind = "service-defaults"
Name = "main"
Meta {
"foo" = "bar"
"gir" = "zim"
}
Protocol = "grpc"
MeshGateway {
Mode = "remote"
}
Mode = "transparent"
TransparentProxy = {
outbound_listener_port = 10101
dialed_directly = true
}
Endpoint = {
Address = "10.0.0.0/16",
Port = 443
}
`,
snakeJSON: `
{
"kind": "service-defaults",
"name": "main",
"meta" : {
"foo": "bar",
"gir": "zim"
},
"protocol": "grpc",
"mesh_gateway": {
"mode": "remote"
},
"mode": "transparent",
"transparent_proxy": {
"outbound_listener_port": 10101,
"dialed_directly": true
},
"endpoint": {
"address": "10.0.0.0/16",
"port": 443
}
}
`,
camelJSON: `
{
"Kind": "service-defaults",
"Name": "main",
"Meta" : {
"foo": "bar",
"gir": "zim"
},
"Protocol": "grpc",
"MeshGateway": {
"Mode": "remote"
},
"Mode": "transparent",
"TransparentProxy": {
"OutboundListenerPort": 10101,
"DialedDirectly": true
},
"Endpoint": {
"Address": "10.0.0.0/16",
"Port": 443
}
}
`,
expect: &api.ServiceConfigEntry{
Kind: "service-defaults",
Name: "main",
Meta: map[string]string{
"foo": "bar",
"gir": "zim",
},
Protocol: "grpc",
MeshGateway: api.MeshGatewayConfig{
Mode: api.MeshGatewayModeRemote,
},
Mode: api.ProxyModeTransparent,
TransparentProxy: &api.TransparentProxyConfig{
OutboundListenerPort: 10101,
DialedDirectly: true,
},
Endpoint: &api.EndpointConfig{
Address: "10.0.0.0/16",
Port: 443,
},
},
},
{ {
name: "service-router: kitchen sink", name: "service-router: kitchen sink",
snake: ` snake: `

2
test/integration/connect/envoy/Dockerfile-bats
View File

@ -1,6 +1,6 @@
FROM docker.mirror.hashicorp.services/fortio/fortio AS fortio FROM docker.mirror.hashicorp.services/fortio/fortio AS fortio
FROM docker.mirror.hashicorp.services/bats/bats:1.6.0 FROM docker.mirror.hashicorp.services/bats/bats:1.7.0
RUN apk add curl RUN apk add curl
RUN apk add openssl RUN apk add openssl