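package integration_test

import (
	"encoding/pem"
	"io"
	"io/ioutil"
	"log"
	"os"
	"os/exec"

	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
	"github.com/onsi/gomega/gbytes"
	"github.com/onsi/gomega/gexec"
	"github.com/onsi/gomega/ghttp"

	"github.com/chenbh/concourse/v6/fly/rc"
)

// These specs run the fly binary's `login` command against a ghttp server
// started with StartTLS. They pin down the TLS trust decisions the CLI makes:
//
//   - without -k and without --ca-cert, login must fail with
//     "x509: certificate signed by unknown authority";
//   - with -k (fly's insecure flag) login succeeds against that same server;
//   - with --ca-cert pointing at the server's own certificate login succeeds
//     and the certificate is stored on the saved target.
//
// The "errors" specs are the security-relevant regression guards: they fail
// if login ever falls back to unverified TLS without the user asking for it.
var _ = Describe("login -k Command", func() {
	var loginATCServer *ghttp.Server

	Describe("login", func() {
		var (
			flyCmd *exec.Cmd
			stdin  io.WriteCloser
		)

		BeforeEach(func() {
			// Send the test server's error log to GinkgoWriter so that server-side
			// output is only shown alongside the spec that produced it.
			l := log.New(GinkgoWriter, "TLSServer", 0)
			loginATCServer = ghttp.NewUnstartedServer()
			loginATCServer.HTTPTestServer.Config.ErrorLog = l
			loginATCServer.HTTPTestServer.StartTLS()
		})

		AfterEach(func() {
			loginATCServer.Close()
		})

		Context("to new target with invalid SSL with -k", func() {
			BeforeEach(func() {
				// One handler per request the login flow is expected to make; the
				// handler helpers are defined elsewhere in this package.
				loginATCServer.AppendHandlers(
					infoHandler(),
					tokenHandler(),
					userInfoHandler(),
				)

				flyCmd = exec.Command(flyPath, "-t", "some-target", "login", "-c", loginATCServer.URL(), "-k", "-u", "some_user", "-p", "some_pass")

				var err error
				stdin, err = flyCmd.StdinPipe()
				Expect(err).NotTo(HaveOccurred())
			})

			It("succeeds", func() {
				sess, err := gexec.Start(flyCmd, GinkgoWriter, GinkgoWriter)
				Expect(err).NotTo(HaveOccurred())

				// The password given with -p must not be echoed back. Only stdout is
				// inspected here; stderr goes to GinkgoWriter and is not asserted on.
				Consistently(sess.Out.Contents).ShouldNot(ContainSubstring("some_pass"))

				Eventually(sess.Out).Should(gbytes.Say("target saved"))

				err = stdin.Close()
				Expect(err).NotTo(HaveOccurred())

				<-sess.Exited
				Expect(sess.ExitCode()).To(Equal(0))
			})

			Context("login to existing target", func() {
				var otherCmd *exec.Cmd

				BeforeEach(func() {
					// A second set of handlers: the first set serves the initial login
					// run below, this set serves the follow-up login under test.
					loginATCServer.AppendHandlers(
						infoHandler(),
						tokenHandler(),
						userInfoHandler(),
					)

					// Create the target by completing the -k login from the outer context.
					sess, err := gexec.Start(flyCmd, GinkgoWriter, GinkgoWriter)
					Expect(err).NotTo(HaveOccurred())

					Eventually(sess.Out).Should(gbytes.Say("target saved"))

					<-sess.Exited
					Expect(sess.ExitCode()).To(Equal(0))
				})

				Context("with -k", func() {
					BeforeEach(func() {
						otherCmd = exec.Command(flyPath, "-t", "some-target", "login", "-k", "-u", "some_user", "-p", "some_pass")
					})

					It("succeeds", func() {
						sess, err := gexec.Start(otherCmd, GinkgoWriter, GinkgoWriter)
						Expect(err).NotTo(HaveOccurred())

						Eventually(sess.Out).Should(gbytes.Say("target saved"))

						<-sess.Exited
						Expect(sess.ExitCode()).To(Equal(0))
					})
				})

				Context("without -k", func() {
					BeforeEach(func() {
						otherCmd = exec.Command(flyPath, "-t", "some-target", "login", "-u", "some_user", "-p", "some_pass")
					})

					// Even though the target was created with -k, a later login that
					// omits -k is expected to verify the certificate again and fail.
					It("errors", func() {
						sess, err := gexec.Start(otherCmd, GinkgoWriter, GinkgoWriter)
						Expect(err).NotTo(HaveOccurred())

						<-sess.Exited
						Expect(sess.ExitCode()).To(Equal(1))
						Eventually(sess.Err).Should(gbytes.Say("x509: certificate signed by unknown authority"))
					})
				})
			})
		})

		Context("to new target with invalid SSL without -k", func() {
			Context("without --ca-cert", func() {
				BeforeEach(func() {
					flyCmd = exec.Command(flyPath, "-t", "some-target", "login", "-c", loginATCServer.URL(), "-u", "some_user", "-p", "some_pass")

					var err error
					stdin, err = flyCmd.StdinPipe()
					Expect(err).NotTo(HaveOccurred())
				})

				// No handlers are registered: the spec expects the command to fail on
				// certificate verification and exit with status 1.
				It("errors", func() {
					sess, err := gexec.Start(flyCmd, GinkgoWriter, GinkgoWriter)
					Expect(err).NotTo(HaveOccurred())

					err = stdin.Close()
					Expect(err).NotTo(HaveOccurred())

					<-sess.Exited
					Expect(sess.ExitCode()).To(Equal(1))
					Eventually(sess.Err).Should(gbytes.Say("x509: certificate signed by unknown authority"))
				})
			})

			Context("with --ca-cert", func() {
				var (
					sslCert    string
					caCertPath string
				)

				BeforeEach(func() {
					// PEM-encode the first certificate the test server presents and hand
					// it to fly as the trusted CA certificate.
					sslCert = string(pem.EncodeToMemory(&pem.Block{
						Type:  "CERTIFICATE",
						Bytes: loginATCServer.HTTPTestServer.TLS.Certificates[0].Certificate[0],
					}))

					caCertFile, err := ioutil.TempFile("", "ca_cert.pem")
					Expect(err).NotTo(HaveOccurred())
					caCertPath = caCertFile.Name()

					_, err = caCertFile.WriteString(sslCert)
					Expect(err).NotTo(HaveOccurred())

					// Close the handle before fly reads the file; the original left the
					// descriptor open for the rest of the test process.
					Expect(caCertFile.Close()).To(Succeed())

					flyCmd = exec.Command(flyPath, "-t", "some-target", "login", "-c", loginATCServer.URL(), "--ca-cert", caCertPath, "-u", "some_user", "-p", "some_pass")

					loginATCServer.AppendHandlers(
						infoHandler(),
						tokenHandler(),
						userInfoHandler(),
					)
				})

				AfterEach(func() {
					// Remove the temp file so repeated runs do not leave ca_cert.pem*
					// files behind. Skipped when BeforeEach failed before creating it.
					if caCertPath != "" {
						Expect(os.Remove(caCertPath)).To(Succeed())
						caCertPath = ""
					}
				})

				It("succeeds", func() {
					sess, err := gexec.Start(flyCmd, GinkgoWriter, GinkgoWriter)
					Expect(err).NotTo(HaveOccurred())

					// The password given with -p must not be echoed back (stdout only).
					Consistently(sess.Out.Contents).ShouldNot(ContainSubstring("some_pass"))

					Eventually(sess.Out).Should(gbytes.Say("target saved"))

					<-sess.Exited
					Expect(sess.ExitCode()).To(Equal(0))

					By("saving the CA cert to the .flyrc", func() {
						returnedTarget, err := rc.LoadTarget("some-target", false)
						Expect(err).NotTo(HaveOccurred())
						Expect(returnedTarget.CACert()).To(Equal(sslCert))
					})
				})
			})
		})

		Context("to existing target with invalid SSL certificate", func() {
			Context("when 'insecure' is not set", func() {
				BeforeEach(func() {
					// Pre-seed a target whose stored CA certificate is not valid PEM;
					// createFlyRc, validAccessToken and date are helpers defined
					// elsewhere in this package.
					createFlyRc(rc.Targets{
						"some-target": {
							API:      loginATCServer.URL(),
							TeamName: "main",
							CACert:   "some-ca-cert",
							Token:    &rc.TargetToken{Type: "Bearer", Value: validAccessToken(date(2020, 1, 1))},
						},
					})
				})

				Context("with -k", func() {
					BeforeEach(func() {
						loginATCServer.AppendHandlers(
							infoHandler(),
							tokenHandler(),
							userInfoHandler(),
						)

						flyCmd = exec.Command(flyPath, "-t", "some-target", "login", "-k", "-u", "some_user", "-p", "some_pass")
					})

					It("succeeds", func() {
						sess, err := gexec.Start(flyCmd, GinkgoWriter, GinkgoWriter)
						Expect(err).NotTo(HaveOccurred())

						// The password given with -p must not be echoed back (stdout only).
						Consistently(sess.Out.Contents).ShouldNot(ContainSubstring("some_pass"))

						Eventually(sess.Out).Should(gbytes.Say("target saved"))

						<-sess.Exited
						Expect(sess.ExitCode()).To(Equal(0))

						// The step label used to read "saving the CA cert", copied from the
						// --ca-cert spec, but the assertion checks that the previously
						// stored CA cert is gone after a -k login.
						By("clearing the CA cert in the .flyrc", func() {
							returnedTarget, err := rc.LoadTarget("some-target", false)
							Expect(err).NotTo(HaveOccurred())
							Expect(returnedTarget.CACert()).To(Equal(""))
						})
					})
				})

				Context("without -k", func() {
					BeforeEach(func() {
						flyCmd = exec.Command(flyPath, "-t", "some-target", "login")
					})

					// The unusable stored CA cert must be reported as an error rather
					// than ignored.
					It("errors", func() {
						sess, err := gexec.Start(flyCmd, GinkgoWriter, GinkgoWriter)
						Expect(err).NotTo(HaveOccurred())

						<-sess.Exited
						Expect(sess.ExitCode()).To(Equal(1))
						Eventually(sess.Err).Should(gbytes.Say("CA Cert not valid"))
					})
				})
			})
		})
	})
})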