github.com/kjdelisle/consul@v1.4.5/api/connect_ca_test.go (about)

     1  package api
     2  
     3  import (
     4  	"testing"
     5  	"time"
     6  
     7  	"github.com/pascaldekloe/goe/verify"
     8  
     9  	"github.com/hashicorp/consul/testutil"
    10  	"github.com/hashicorp/consul/testutil/retry"
    11  	"github.com/stretchr/testify/require"
    12  )
    13  
// TestAPI_ConnectCARoots_empty checks the fail-closed path: when the test
// server is started without a Connect block, asking for the CA roots must
// return an error rather than an empty or default root list.
func TestAPI_ConnectCARoots_empty(t *testing.T) {
	t.Parallel()

	// Clearing the Connect section means the server never bootstraps a CA.
	disableCA := func(cfg *testutil.TestServerConfig) {
		cfg.Connect = nil
	}
	client, srv := makeClientWithConfig(t, nil, disableCA)
	defer srv.Stop()

	_, _, err := client.Connect().CARoots(nil)

	// Named assert so the testify package name is not shadowed.
	assert := require.New(t)
	assert.Error(err)
	assert.Contains(err.Error(), "Connect must be enabled")
}
    30  
// TestAPI_ConnectCARoots_list checks that a default test server exposes
// exactly one CA root, a non-zero index in the query metadata, and the fixed
// trust domain used by the test cluster.
func TestAPI_ConnectCARoots_list(t *testing.T) {
	t.Parallel()

	client, srv := makeClient(t)
	defer srv.Stop()

	// connect.TestClusterID would introduce an import cycle, so the expected
	// trust domain is spelled out here instead.
	const wantTrustDomain = "11111111-2222-3333-4444-555555555555.consul"

	// The server may not have finished bootstrapping its CA when the first
	// request arrives, so every check runs inside the retry loop.
	retry.Run(t, func(r *retry.R) {
		roots, meta, err := client.Connect().CARoots(nil)
		r.Check(err)

		switch {
		case meta.LastIndex <= 0:
			r.Fatalf("expected roots raft index to be > 0")
		case len(roots.Roots) != 1:
			r.Fatalf("expected 1 root, got %d", len(roots.Roots))
		case roots.TrustDomain != wantTrustDomain:
			r.Fatalf("expected fixed trust domain got '%s'", roots.TrustDomain)
		}
	})
}
    56  
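// TestAPI_ConnectCAConfig_get_set reads the default Connect CA configuration,
// changes RotationPeriod through CASetConfig, and reads the result back.
//
// The work is split into three steps so that each retried closure can be
// re-run safely. Previously a single retry closure both wrote to the server
// and mutated the shared expected value, so an attempt that failed after the
// write left later attempts comparing the already-updated server state
// against the old expectation (or the reverse).
func TestAPI_ConnectCAConfig_get_set(t *testing.T) {
	t.Parallel()

	c, s := makeClient(t)
	defer s.Stop()

	connect := c.Connect()

	// newExpected builds a fresh expectation for every comparison so no state
	// leaks between retry attempts. Only RotationPeriod and LeafCertTTL are
	// set; every other field, including PrivateKey, stays at its zero value,
	// so the comparison is expected to fail if the API starts returning key
	// material. NOTE(review): this relies on verify.Values comparing all
	// fields; confirm.
	newExpected := func(rotation time.Duration) *ConsulCAProviderConfig {
		want := &ConsulCAProviderConfig{
			RotationPeriod: rotation,
		}
		want.LeafCertTTL = 72 * time.Hour
		return want
	}

	// Step 1: read the default configuration. This fails occasionally if the
	// server doesn't have time to bootstrap the CA, so retry. The closure only
	// reads, which makes repeated attempts harmless.
	var conf *CAConfig
	retry.Run(t, func(r *retry.R) {
		got, _, err := connect.CAGetConfig(nil)
		r.Check(err)
		if got.Provider != "consul" {
			r.Fatalf("expected default provider, got %q", got.Provider)
		}
		parsed, err := ParseConsulCAConfig(got.Config)
		r.Check(err)
		verify.Values(r, "", parsed, newExpected(90*24*time.Hour))
		conf = got
	})

	// Step 2: change a config value and update, exactly once. PrivateKey is
	// sent back empty, as in the original test; presumably this keeps the
	// provider from treating the round-tripped value as a new key. Verify
	// against the server's handling.
	conf.Config["PrivateKey"] = ""
	conf.Config["RotationPeriod"] = 120 * 24 * time.Hour
	if _, err := connect.CASetConfig(conf, nil); err != nil {
		t.Fatalf("err: %v", err)
	}

	// Step 3: read the configuration back. This closure is read-only as well,
	// so it keeps the retry tolerance of the original test without being
	// affected by earlier attempts.
	retry.Run(t, func(r *retry.R) {
		updated, _, err := connect.CAGetConfig(nil)
		r.Check(err)
		parsed, err := ParseConsulCAConfig(updated.Config)
		r.Check(err)
		verify.Values(r, "", parsed, newExpected(120*24*time.Hour))
	})
}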