acme: new HTTP and TLS challenges implementations.

pkg/server/aggregator_test.go

@@ -3,6 +3,7 @@ package server
 import (
 	"testing"
 
+	"github.com/go-acme/lego/v4/challenge/tlsalpn01"
 	"github.com/stretchr/testify/assert"
 	"github.com/traefik/traefik/v2/pkg/config/dynamic"
 	"github.com/traefik/traefik/v2/pkg/tls"
@@ -122,6 +123,55 @@ func Test_mergeConfiguration(t *testing.T) {
 	}
 }
 
+func Test_mergeConfiguration_tlsCertificates(t *testing.T) {
+	testCases := []struct {
+		desc     string
+		given    dynamic.Configurations
+		expected []*tls.CertAndStores
+	}{
+		{
+			desc: "Skip temp certificates from another provider than tlsalpn",
+			given: dynamic.Configurations{
+				"provider-1": &dynamic.Configuration{
+					TLS: &dynamic.TLSConfiguration{
+						Certificates: []*tls.CertAndStores{
+							{Certificate: tls.Certificate{}, Stores: []string{tlsalpn01.ACMETLS1Protocol}},
+						},
+					},
+				},
+			},
+			expected: nil,
+		},
+		{
+			desc: "Allows tlsalpn provider to give certificates",
+			given: dynamic.Configurations{
+				"tlsalpn.acme": &dynamic.Configuration{
+					TLS: &dynamic.TLSConfiguration{
+						Certificates: []*tls.CertAndStores{{
+							Certificate: tls.Certificate{CertFile: "foo", KeyFile: "bar"},
+							Stores:      []string{tlsalpn01.ACMETLS1Protocol},
+						}},
+					},
+				},
+			},
+			expected: []*tls.CertAndStores{{
+				Certificate: tls.Certificate{CertFile: "foo", KeyFile: "bar"},
+				Stores:      []string{tlsalpn01.ACMETLS1Protocol},
+			}},
+		},
+	}
+
+	for _, test := range testCases {
+		test := test
+		t.Run(test.desc, func(t *testing.T) {
+			t.Parallel()
+
+			actual := mergeConfiguration(test.given, []string{"defaultEP"})
+			assert.Equal(t, test.expected, actual.TLS.Certificates)
+		})
+	}
+}
+
 func Test_mergeConfiguration_tlsOptions(t *testing.T) {
 	testCases := []struct {
 		desc     string