luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

Fix broken tests from PR merge related to proxy secure defaults

This commit is contained in:
Mitchell Hashimoto 2018-06-13 09:34:20 +01:00 committed by Jack Pearkes
parent a3ef9c2308
commit 8c349a2b24
2 changed files with 41 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
agent/agent_endpoint_test.go
View File

@ -2285,11 +2285,7 @@ func TestAgentConnectCALeafCert_aclDefaultDeny(t *testing.T) {
t.Parallel()
require := require.New(t)
a := NewTestAgent(t.Name(), TestACLConfig()+`
connect {
enabled = true
}
`)
a := NewTestAgent(t.Name(), TestACLConfig()+testAllowProxyConfig())
defer a.Shutdown()
// Register a service with a managed proxy
@ -2325,11 +2321,7 @@ func TestAgentConnectCALeafCert_aclProxyToken(t *testing.T) {
t.Parallel()
require := require.New(t)
a := NewTestAgent(t.Name(), TestACLConfig()+`
connect {
enabled = true
}
`)
a := NewTestAgent(t.Name(), TestACLConfig()+testAllowProxyConfig())
defer a.Shutdown()
// Register a service with a managed proxy
@ -2374,11 +2366,7 @@ func TestAgentConnectCALeafCert_aclProxyTokenOther(t *testing.T) {
t.Parallel()
require := require.New(t)
a := NewTestAgent(t.Name(), TestACLConfig()+`
connect {
enabled = true
}
`)
a := NewTestAgent(t.Name(), TestACLConfig()+testAllowProxyConfig())
defer a.Shutdown()
// Register a service with a managed proxy
@ -2442,11 +2430,7 @@ func TestAgentConnectCALeafCert_aclServiceWrite(t *testing.T) {
t.Parallel()
require := require.New(t)
a := NewTestAgent(t.Name(), TestACLConfig()+`
connect {
enabled = true
}
`)
a := NewTestAgent(t.Name(), TestACLConfig()+testAllowProxyConfig())
defer a.Shutdown()
// Register a service with a managed proxy
@ -2503,11 +2487,7 @@ func TestAgentConnectCALeafCert_aclServiceReadDeny(t *testing.T) {
t.Parallel()
require := require.New(t)
a := NewTestAgent(t.Name(), TestACLConfig()+`
connect {
enabled = true
}
`)
a := NewTestAgent(t.Name(), TestACLConfig()+testAllowProxyConfig())
defer a.Shutdown()
// Register a service with a managed proxy
@ -2787,7 +2767,7 @@ func requireLeafValidUnderCA(t *testing.T, issued *structs.IssuedCert,
func TestAgentConnectProxyConfig_Blocking(t *testing.T) {
t.Parallel()
a := NewTestAgent(t.Name(), "")
a := NewTestAgent(t.Name(), testAllowProxyConfig())
defer a.Shutdown()
// Define a local service with a managed proxy. It's registered in the test
@ -2989,11 +2969,7 @@ func TestAgentConnectProxyConfig_aclDefaultDeny(t *testing.T) {
t.Parallel()
require := require.New(t)
a := NewTestAgent(t.Name(), TestACLConfig()+`
connect {
enabled = true
}
`)
a := NewTestAgent(t.Name(), TestACLConfig()+testAllowProxyConfig())
defer a.Shutdown()
// Register a service with a managed proxy
@ -3028,11 +3004,7 @@ func TestAgentConnectProxyConfig_aclProxyToken(t *testing.T) {
t.Parallel()
require := require.New(t)
a := NewTestAgent(t.Name(), TestACLConfig()+`
connect {
enabled = true
}
`)
a := NewTestAgent(t.Name(), TestACLConfig()+testAllowProxyConfig())
defer a.Shutdown()
// Register a service with a managed proxy
@ -3079,11 +3051,7 @@ func TestAgentConnectProxyConfig_aclServiceWrite(t *testing.T) {
t.Parallel()
require := require.New(t)
a := NewTestAgent(t.Name(), TestACLConfig()+`
connect {
enabled = true
}
`)
a := NewTestAgent(t.Name(), TestACLConfig()+testAllowProxyConfig())
defer a.Shutdown()
// Register a service with a managed proxy
@ -3141,11 +3109,7 @@ func TestAgentConnectProxyConfig_aclServiceReadDeny(t *testing.T) {
t.Parallel()
require := require.New(t)
a := NewTestAgent(t.Name(), TestACLConfig()+`
connect {
enabled = true
}
`)
a := NewTestAgent(t.Name(), TestACLConfig()+testAllowProxyConfig())
defer a.Shutdown()
// Register a service with a managed proxy
@ -3230,6 +3194,9 @@ func TestAgentConnectProxyConfig_ConfigHandling(t *testing.T) {
bind_addr = "0.0.0.0"
connect {
enabled = true
proxy {
allow_managed_api_registration = true
}
}
ports {
proxy_min_port = 10000
@ -3251,6 +3218,9 @@ func TestAgentConnectProxyConfig_ConfigHandling(t *testing.T) {
bind_addr = "0.0.0.0"
connect {
enabled = true
proxy {
allow_managed_api_registration = true
}
proxy_defaults = {
exec_mode = "script"
script_command = ["script.sh"]
@ -3276,6 +3246,9 @@ func TestAgentConnectProxyConfig_ConfigHandling(t *testing.T) {
bind_addr = "0.0.0.0"
connect {
enabled = true
proxy {
allow_managed_api_registration = true
}
proxy_defaults = {
exec_mode = "daemon"
daemon_command = ["daemon.sh"]
@ -3301,6 +3274,9 @@ func TestAgentConnectProxyConfig_ConfigHandling(t *testing.T) {
bind_addr = "0.0.0.0"
connect {
enabled = true
proxy {
allow_managed_api_registration = true
}
proxy_defaults = {
config = {
connect_timeout_ms = 1000
@ -3333,6 +3309,9 @@ func TestAgentConnectProxyConfig_ConfigHandling(t *testing.T) {
bind_addr = "0.0.0.0"
connect {
enabled = true
proxy {
allow_managed_api_registration = true
}
proxy_defaults = {
exec_mode = "daemon"
daemon_command = ["daemon.sh"]
@ -3838,3 +3817,17 @@ func TestAgentConnectAuthorize_defaultAllow(t *testing.T) {
assert.True(obj.Authorized)
assert.Contains(obj.Reason, "Default behavior")
}
// testAllowProxyConfig returns agent config to allow managed proxy API
// registration.
func testAllowProxyConfig() string {
return `
connect {
enabled = true
proxy {
allow_managed_api_registration = true
}
}
`
}

4
agent/agent_test.go
View File

@ -67,9 +67,9 @@ func TestAgent_ConnectClusterIDConfig(t *testing.T) {
wantClusterID: connect.TestClusterID,
},
{
name: "no cluster ID specified remains null",
name: "no cluster ID specified sets to test ID",
hcl: "connect { enabled = true }",
wantClusterID: "",
wantClusterID: connect.TestClusterID,
},
{
name: "non-UUID cluster_id is fatal",