Added testing of GRPC with TLS combinations

This ensures that https://github.com/hashicorp/consul/issues/9474 will not reproduce.
2021-01-06 22:05:07 +01:00 · 2021-01-06 22:05:07 +01:00 · 994fe80358
parent e2f2d4b0d7
commit 994fe80358
1 changed files with 107 additions and 0 deletions
--- a/agent/streaming_test.go
+++ b/agent/streaming_test.go
@ -0,0 +1,107 @@
+package agent
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/sdk/testutil"
+	"github.com/hashicorp/consul/testrpc"
+)
+
+func testGRPCStreamingWorking(t *testing.T, config string) {
+	if testing.Short() {
+		t.Skip("too slow for testing.Short")
+	}
+
+	a := NewTestAgent(t, config)
+	defer a.Shutdown()
+
+	testrpc.WaitForLeader(t, a.RPC, "dc1")
+
+	req, _ := http.NewRequest("GET", "/v1/health/service/consul?index=3", nil)
+	resp := httptest.NewRecorder()
+	_, err := a.srv.HealthServiceNodes(resp, req)
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+
+	assertIndex(t, resp)
+	require.NotEmpty(t, resp.Header().Get("X-Consul-Index"))
+}
+
+func TestGRPCWithTLSConfigs(t *testing.T) {
+	t.Parallel()
+	testCases := []struct {
+		name   string
+		config string
+	}{
+		{
+			name:   "no-tls",
+			config: "",
+		},
+		{
+			name: "tls-all-enabled",
+			config: `
+				# tls
+				ca_file   = "../test/hostname/CertAuth.crt"
+				cert_file = "../test/hostname/Bob.crt"
+				key_file  = "../test/hostname/Bob.key"
+				verify_incoming               = true
+				verify_outgoing               = true
+				verify_server_hostname        = true
+				`,
+		},
+		{
+			name: "tls ready no verify incoming",
+			config: `
+				# tls
+				ca_file   = "../test/hostname/CertAuth.crt"
+				cert_file = "../test/hostname/Bob.crt"
+				key_file  = "../test/hostname/Bob.key"
+				verify_incoming               = false
+				verify_outgoing               = true
+				verify_server_hostname        = false
+				`,
+		},
+		{
+			name: "tls ready no verify outgoing and incoming",
+			config: `
+				# tls
+				ca_file   = "../test/hostname/CertAuth.crt"
+				cert_file = "../test/hostname/Bob.crt"
+				key_file  = "../test/hostname/Bob.key"
+				verify_incoming               = false
+				verify_outgoing               = false
+				verify_server_hostname        = false
+				`,
+		},
+		{
+			name: "tls ready, all defaults",
+			config: `
+				# tls
+				ca_file   = "../test/hostname/CertAuth.crt"
+				cert_file = "../test/hostname/Bob.crt"
+				key_file  = "../test/hostname/Bob.key"
+				`,
+		},
+	}
+	for _, tt := range testCases {
+		t.Run(tt.name, func(t *testing.T) {
+			dataDir := testutil.TempDir(t, "agent") // we manage the data dir
+			cfg := `data_dir = "` + dataDir + `"
+					domain = "consul"
+					node_name = "my-fancy-server"
+					datacenter = "dc1"
+					primary_datacenter = "dc1"
+					rpc {
+						enable_streaming = true
+					}
+					use_streaming_backend = true
+			       ` + tt.config
+			testGRPCStreamingWorking(t, cfg)
+		})
+	}
+}