author | Mark Sargent <99003+sarge@users.noreply.github.com> | 2020-03-23 13:08:02 +1300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-22 18:08:02 -0600 |
commit | 8cc60e6896b7c030891a3578ae2405a14b2fed49 (patch) | |
tree | 34f23ea2f2e6e79bc578cba8dcd4d5cba315b43e | |
parent | bea8dedfb2b3bc11ad910853bcbe5601c729b548 (diff) |
ci: test local CA and update SNI tests (#3145)
* run caddy tests in process
* call main with run args
* exclude tests - windows
* include json example
* disable caddyfile tests, include json test with non trusted local ca
* converted SNI tests to json syntax
-rw-r--r-- | caddytest/caddytest.go | 30 | ||||
-rw-r--r-- | caddytest/integration/caddyfile_test.go | 68 | ||||
-rw-r--r-- | caddytest/integration/sni_test.go | 277 |
3 files changed, 306 insertions, 69 deletions
diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go
index 89e457c..a020be9 100644
--- a/caddytest/caddytest.go
+++ b/caddytest/caddytest.go
@@ -18,6 +18,11 @@ import (
 "strings"
 "testing"
 "time"
+
+ caddycmd "github.com/caddyserver/caddy/v2/cmd"
+
+ // plug in Caddy modules here
+ _ "github.com/caddyserver/caddy/v2/modules/standard"
 )

 // Defaults store any configuration required to make the tests run
@@ -145,6 +150,30 @@ func validateTestPrerequisites() error {
 }
 }

+ if isCaddyAdminRunning() != nil {
+ // start inprocess caddy server
+ os.Args = []string{"caddy", "run"}
+ go func() {
+ caddycmd.Main()
+ }()
+
+ // wait for caddy to start
+ retries := 4
+ for ; retries > 0 && isCaddyAdminRunning() != nil; retries-- {
+ time.Sleep(10 * time.Millisecond)
+ }
+ }
+
+ // assert that caddy is running
+ if err := isCaddyAdminRunning(); err != nil {
+ return err
+ }
+
+ arePrerequisitesValid = true
+ return nil
+}
+
+func isCaddyAdminRunning() error {
 // assert that caddy is running
 client := &http.Client{
 Timeout: time.Second * 2,
@@ -154,7 +183,6 @@ func validateTestPrerequisites() error {
 return errors.New("caddy integration test caddy server not running. Expected to be listening on localhost:2019")
 }

- arePrerequisitesValid = true
 return nil
 }

diff --git a/caddytest/integration/caddyfile_test.go b/caddytest/integration/caddyfile_test.go
index 3e89a26..dd3dcba 100644
--- a/caddytest/integration/caddyfile_test.go
+++ b/caddytest/integration/caddyfile_test.go
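Review bot: In validateTestPrerequisites (caddytest/caddytest.go) the start-up wait allows the in-process server only four polls 10 ms apart, so on a loaded CI host the admin endpoint may not be up yet and the run fails with the "not running" error; polling against a deadline, as in the excerpt below, is more tolerant. The same block overwrites the process-global `os.Args` without restoring it and starts `caddycmd.Main()` in a goroutine that nothing stops or waits for; Main is the CLI entry point, so a start-up failure there may end the test binary instead of surfacing as a test error. The first `isCaddyAdminRunning()` check also appears to accept whatever already answers on localhost:2019, so the test configs would be loaded into a pre-existing instance when one is present, which deserves a comment such as `// reuses any server already listening on the admin port`. The function starts above the hunk.

```go
	if isCaddyAdminRunning() != nil {
		// … unchanged: os.Args assignment and goroutine start …

		// wait for caddy to start: poll until a deadline rather than a fixed
		// four attempts, so a slow host does not fail the whole run
		deadline := time.Now().Add(5 * time.Second)
		for time.Now().Before(deadline) && isCaddyAdminRunning() != nil {
			time.Sleep(50 * time.Millisecond)
		}
	}
```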
@@ -66,71 +66,3 @@ func TestDuplicateHosts(t *testing.T) {
 "caddyfile",
 "duplicate site address not allowed")
 }
-
-func TestDefaultSNI(t *testing.T) {
-
- // arrange
- caddytest.InitServer(t, `
- {
- http_port 9080
- https_port 9443
- default_sni *.caddy.localhost
- }
-
- 127.0.0.1:9443 {
- tls /caddy.localhost.crt /caddy.localhost.key
- respond /version 200 {
- body "hello from a"
- }
- }
- `, "caddyfile")
-
- // act and assert
- caddytest.AssertGetResponse(t, "https://127.0.0.1:9443/version", 200, "hello from a")
-}
-
-func TestDefaultSNIWithNamedHostAndExplicitIP(t *testing.T) {
-
- // arrange
- caddytest.InitServer(t, `
- {
- http_port 9080
- https_port 9443
- default_sni a.caddy.localhost
- }
-
- a.caddy.localhost:9443, 127.0.0.1:9443 {
- tls /a.caddy.localhost.crt /a.caddy.localhost.key
- respond /version 200 {
- body "hello from a"
- }
- }
- `, "caddyfile")
-
- // act and assert
- // makes a request with no sni
- caddytest.AssertGetResponse(t, "https://127.0.0.1:9443/version", 200, "hello from a")
-}
-
-func TestDefaultSNIWithPortMappingOnly(t *testing.T) {
-
- // arrange
- caddytest.InitServer(t, `
- {
- http_port 9080
- https_port 9443
- default_sni a.caddy.localhost
- }
-
- :9443 {
- tls /a.caddy.localhost.crt /a.caddy.localhost.key
- respond /version 200 {
- body "hello from a.caddy.localhost"
- }
- }
- `, "caddyfile")
-
- // act and assert
- // makes a request with no sni
- caddytest.AssertGetResponse(t, "https://127.0.0.1:9443/version", 200, "hello from a")
-}
diff --git a/caddytest/integration/sni_test.go b/caddytest/integration/sni_test.go
new file mode 100644
index 0000000..d329782
--- /dev/null
+++ b/caddytest/integration/sni_test.go
@@ -0,0 +1,277 @@
+package integration
+
+import (
+ "testing"
+
+ "github.com/caddyserver/caddy/v2/caddytest"
+)
+
+func TestDefaultSNI(t *testing.T) {
+
+ // arrange
+ caddytest.InitServer(t, `{
+ "apps": {
+ "http": {
+ "http_port": 9080,
+ "https_port": 9443,
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":9443"
+ ],
+ "routes": [
+ {
+ "handle": [
+ {
+ "handler": "subroute",
+ "routes": [
+ {
+ "handle": [
+ {
+ "body": "hello from a.caddy.localhost",
+ "handler": "static_response",
+ "status_code": 200
+ }
+ ],
+ "match": [
+ {
+ "path": [
+ "/version"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "match": [
+ {
+ "host": [
+ "127.0.0.1"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ],
+ "tls_connection_policies": [
+ {
+ "certificate_selection": {
+ "policy": "custom",
+ "tag": "cert0"
+ },
+ "match": {
+ "sni": [
+ "127.0.0.1"
+ ]
+ }
+ },
+ {
+ "default_sni": "*.caddy.localhost"
+ }
+ ]
+ }
+ }
+ },
+ "tls": {
+ "certificates": {
+ "load_files": [
+ {
+ "certificate": "/caddy.localhost.crt",
+ "key": "/caddy.localhost.key",
+ "tags": [
+ "cert0"
+ ]
+ }
+ ]
+ }
+ },
+ "pki": {
+ "certificate_authorities" : {
+ "local" : {
+ "install_trust": false
+ }
+ }
+ }
+ }
+ }
+ `, "json")
+
+ // act and assert
+ // makes a request with no sni
+ caddytest.AssertGetResponse(t, "https://127.0.0.1:9443/version", 200, "hello from a")
+}
+
+func TestDefaultSNIWithNamedHostAndExplicitIP(t *testing.T) {
+
+ // arrange
+ caddytest.InitServer(t, `
+ {
+ "apps": {
+ "http": {
+ "http_port": 9080,
+ "https_port": 9443,
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":9443"
+ ],
+ "routes": [
+ {
+ "handle": [
+ {
+ "handler": "subroute",
+ "routes": [
+ {
+ "handle": [
+ {
+ "body": "hello from a",
+ "handler": "static_response",
+ "status_code": 200
+ }
+ ],
+ "match": [
+ {
+ "path": [
+ "/version"
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "match": [
+ {
+ "host": [
+ "a.caddy.localhost",
+ "127.0.0.1"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ],
+ "tls_connection_policies": [
+ {
+ "certificate_selection": {
+ "policy": "custom",
+ "tag": "cert0"
+ },
+ "default_sni": "a.caddy.localhost",
+ "match": {
+ "sni": [
+ "a.caddy.localhost",
+ "127.0.0.1",
+ ""
+ ]
+ }
+ },
+ {
+ "default_sni": "a.caddy.localhost"
+ }
+ ]
+ }
+ }
+ },
+ "tls": {
+ "certificates": {
+ "load_files": [
+ {
+ "certificate": "/a.caddy.localhost.crt",
+ "key": "/a.caddy.localhost.key",
+ "tags": [
+ "cert0"
+ ]
+ }
+ ]
+ }
+ },
+ "pki": {
+ "certificate_authorities" : {
+ "local" : {
+ "install_trust": false
+ }
+ }
+ }
+ }
+ }
+ `, "json")
+
+ // act and assert
+ // makes a request with no sni
+ caddytest.AssertGetResponse(t, "https://127.0.0.1:9443/version", 200, "hello from a")
+}
+
+func TestDefaultSNIWithPortMappingOnly(t *testing.T) {
+
+ // arrange
+ caddytest.InitServer(t, `
+ {
+ "apps": {
+ "http": {
+ "http_port": 9080,
+ "https_port": 9443,
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":9443"
+ ],
+ "routes": [
+ {
+ "handle": [
+ {
+ "body": "hello from a.caddy.localhost",
+ "handler": "static_response",
+ "status_code": 200
+ }
+ ],
+ "match": [
+ {
+ "path": [
+ "/version"
+ ]
+ }
+ ]
+ }
+ ],
+ "tls_connection_policies": [
+ {
+ "certificate_selection": {
+ "policy": "custom",
+ "tag": "cert0"
+ },
+ "default_sni": "a.caddy.localhost"
+ }
+ ]
+ }
+ }
+ },
+ "tls": {
+ "certificates": {
+ "load_files": [
+ {
+ "certificate": "/a.caddy.localhost.crt",
+ "key": "/a.caddy.localhost.key",
+ "tags": [
+ "cert0"
+ ]
+ }
+ ]
+ }
+ },
+ "pki": {
+ "certificate_authorities" : {
+ "local" : {
+ "install_trust": false
+ }
+ }
+ }
+ }
+ }
+ `, "json")
+
+ // act and assert
+ // makes a request with no sni
+ caddytest.AssertGetResponse(t, "https://127.0.0.1:9443/version", 200, "hello from a")
+}
|
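Review bot: In TestDefaultSNI the only connection policy that selects `cert0` matches SNI `127.0.0.1` alone, yet the request goes to an IP address and, as the test's own comment says, carries no SNI, so that policy is probably never chosen and the test may pass through the bare `default_sni` policy instead; TestDefaultSNIWithNamedHostAndExplicitIP adds `""` to its match list for exactly this case. If the no-SNI path with the tagged certificate is what is under test, the matcher should read `"sni": ["127.0.0.1", ""]`, or the first policy should be dropped so it is clear which one is exercised. TestDefaultSNI and TestDefaultSNIWithPortMappingOnly also configure the body `hello from a.caddy.localhost` but assert `hello from a`, which holds only if AssertGetResponse does a partial match (not visible here); asserting the full body would make both tests stricter. A short comment next to `"install_trust": false`, for example `// keep the test's local CA out of the host trust store`, belongs in the Go code around each config, since JSON has no comment syntax.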