Merge branch 'v1.3'
This commit is contained in:
Fernandez Ludovic
commit
73e10c96cc
14 changed files with 303 additions and 41 deletions
|
|
@ -2,11 +2,12 @@ package main
|
|||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"os"
|
||||
"time"
|
||||
|
||||
"github.com/containous/traefik/integration/try"
|
||||
"github.com/containous/traefik/testhelpers"
|
||||
"github.com/go-check/check"
|
||||
checker "github.com/vdemeester/shakers"
|
||||
)
|
||||
|
|
@ -17,6 +18,21 @@ type AcmeSuite struct {
|
|||
boulderIP string
|
||||
}
|
||||
|
||||
// Acme tests configuration
|
||||
type AcmeTestCase struct {
|
||||
onDemand bool
|
||||
traefikConfFilePath string
|
||||
domainToCheck string
|
||||
}
|
||||
|
||||
const (
|
||||
// Domain to check
|
||||
acmeDomain = "traefik.acme.wtf"
|
||||
|
||||
// Wildcard domain to check
|
||||
wildcardDomain = "*.acme.wtf"
|
||||
)
|
||||
|
||||
func (s *AcmeSuite) SetUpSuite(c *check.C) {
|
||||
s.createComposeProject(c, "boulder")
|
||||
s.composeProject.Start(c)
|
||||
|
|
@ -35,11 +51,58 @@ func (s *AcmeSuite) TearDownSuite(c *check.C) {
|
|||
}
|
||||
}
|
||||
|
||||
func (s *AcmeSuite) TestRetrieveAcmeCertificate(c *check.C) {
|
||||
file := s.adaptFile(c, "fixtures/acme/acme.toml", struct{ BoulderHost string }{s.boulderIP})
|
||||
defer os.Remove(file)
|
||||
cmd, output := s.cmdTraefikWithConfigFile(file)
|
||||
// Test OnDemand option with none provided certificate
|
||||
func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificate(c *check.C) {
|
||||
testCase := AcmeTestCase{
|
||||
traefikConfFilePath: "fixtures/acme/acme.toml",
|
||||
onDemand: true,
|
||||
domainToCheck: acmeDomain}
|
||||
|
||||
s.retrieveAcmeCertificate(c, testCase)
|
||||
}
|
||||
|
||||
// Test OnHostRule option with none provided certificate
|
||||
func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificate(c *check.C) {
|
||||
testCase := AcmeTestCase{
|
||||
traefikConfFilePath: "fixtures/acme/acme.toml",
|
||||
onDemand: false,
|
||||
domainToCheck: acmeDomain}
|
||||
|
||||
s.retrieveAcmeCertificate(c, testCase)
|
||||
}
|
||||
|
||||
// Test OnDemand option with a wildcard provided certificate
|
||||
func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateWithWildcard(c *check.C) {
|
||||
testCase := AcmeTestCase{
|
||||
traefikConfFilePath: "fixtures/acme/acme_provided.toml",
|
||||
onDemand: true,
|
||||
domainToCheck: wildcardDomain}
|
||||
|
||||
s.retrieveAcmeCertificate(c, testCase)
|
||||
}
|
||||
|
||||
// Test onHostRule option with a wildcard provided certificate
|
||||
func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateWithWildcard(c *check.C) {
|
||||
testCase := AcmeTestCase{
|
||||
traefikConfFilePath: "fixtures/acme/acme_provided.toml",
|
||||
onDemand: false,
|
||||
domainToCheck: wildcardDomain}
|
||||
|
||||
s.retrieveAcmeCertificate(c, testCase)
|
||||
}
|
||||
|
||||
// Doing an HTTPS request and test the response certificate
|
||||
func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {
|
||||
file := s.adaptFile(c, testCase.traefikConfFilePath, struct {
|
||||
BoulderHost string
|
||||
OnDemand, OnHostRule bool
|
||||
}{
|
||||
BoulderHost: s.boulderIP,
|
||||
OnDemand: testCase.onDemand,
|
||||
OnHostRule: !testCase.onDemand,
|
||||
})
|
||||
|
||||
cmd, output := s.cmdTraefikWithConfigFile(file)
|
||||
err := cmd.Start()
|
||||
c.Assert(err, checker.IsNil)
|
||||
defer cmd.Process.Kill()
|
||||
|
|
@ -64,16 +127,39 @@ func (s *AcmeSuite) TestRetrieveAcmeCertificate(c *check.C) {
|
|||
tr = &http.Transport{
|
||||
TLSClientConfig: &tls.Config{
|
||||
InsecureSkipVerify: true,
|
||||
ServerName: "traefik.acme.wtf",
|
||||
ServerName: acmeDomain,
|
||||
},
|
||||
}
|
||||
client = &http.Client{Transport: tr}
|
||||
req, _ := http.NewRequest("GET", "https://127.0.0.1:5001/", nil)
|
||||
req.Host = "traefik.acme.wtf"
|
||||
req.Header.Set("Host", "traefik.acme.wtf")
|
||||
|
||||
req := testhelpers.MustNewRequest(http.MethodGet, "https://127.0.0.1:5001/", nil)
|
||||
req.Host = acmeDomain
|
||||
req.Header.Set("Host", acmeDomain)
|
||||
req.Header.Set("Accept", "*/*")
|
||||
resp, err := client.Do(req)
|
||||
|
||||
var resp *http.Response
|
||||
|
||||
// Retry to send a Request which uses the LE generated certificate
|
||||
err = try.Do(60*time.Second, func() error {
|
||||
resp, err = client.Do(req)
|
||||
|
||||
// /!\ If connection is not closed, SSLHandshake will only be done during the first trial /!\
|
||||
req.Close = true
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
cn := resp.TLS.PeerCertificates[0].Subject.CommonName
|
||||
if cn != testCase.domainToCheck {
|
||||
return fmt.Errorf("domain %s found in place of %s", cn, testCase.domainToCheck)
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
|
||||
c.Assert(err, checker.IsNil)
|
||||
// Expected a 200
|
||||
c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
|
||||
// Check Domain into response certificate
|
||||
c.Assert(resp.TLS.PeerCertificates[0].Subject.CommonName, checker.Equals, testCase.domainToCheck)
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue