Support calling internal API using HTTPSid-api-https

author: Igor Drozdov <idrozdov@gitlab.com> 2019-04-25 10:19:34 +0300
committer: Igor Drozdov <idrozdov@gitlab.com> 2019-05-01 14:51:39 +0300
commit: 8886eb709e290baa6f526dffffe8de9bd4badbbb (patch)
tree: 8201cdfb5e9d51bc73c99c6a4181d30fa03ad1ac /go/internal/gitlabnet
parent: 344cc6b443e08ec5648fcf8a3035e46bb404fd6a (diff)
download: gitlab-shell-id-api-https.tar.gz
3 files changed, 166 insertions, 4 deletions
diff --git a/go/internal/gitlabnet/client_test.go b/go/internal/gitlabnet/client_test.go
index f9aa289..d817239 100644
--- a/go/internal/gitlabnet/client_test.go
+++ b/go/internal/gitlabnet/client_test.go
@@ -6,15 +6,21 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net/http"
+	"path"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"gitlab.com/gitlab-org/gitlab-shell/go/internal/config"
 	"gitlab.com/gitlab-org/gitlab-shell/go/internal/gitlabnet/testserver"
+	"gitlab.com/gitlab-org/gitlab-shell/go/internal/testhelper"
 )
 
 func TestClients(t *testing.T) {
+	testDirCleanup, err := testhelper.PrepareTestRootDir()
+	require.NoError(t, err)
+	defer testDirCleanup()
+
 	requests := []testserver.TestRequestHandler{
 		{
 			Path: "/api/v4/internal/hello",
@@ -64,19 +70,26 @@ func TestClients(t *testing.T) {
 
 	testCases := []struct {
 		desc   string
-		secret string
+		config *config.Config
 		server func([]testserver.TestRequestHandler) (func(), string, error)
 	}{
 		{
 			desc:   "Socket client",
-			secret: "sssh, it's a secret",
+			config: &config.Config{},
 			server: testserver.StartSocketHttpServer,
 		},
 		{
 			desc:   "Http client",
-			secret: "sssh, it's a secret",
+			config: &config.Config{},
 			server: testserver.StartHttpServer,
 		},
+		{
+			desc: "Https client",
+			config: &config.Config{
+				HttpSettings: config.HttpSettingsConfig{CaFile: path.Join(testhelper.TestRoot, "certs/valid/server.crt")},
+			},
+			server: testserver.StartHttpsServer,
+		},
 	}
 
 	for _, tc := range testCases {
@@ -85,7 +98,10 @@ func TestClients(t *testing.T) {
 			defer cleanup()
 			require.NoError(t, err)
 
-			client, err := GetClient(&config.Config{GitlabUrl: url, Secret: tc.secret})
+			tc.config.GitlabUrl = url
+			tc.config.Secret = "sssh, it's a secret"
+
+			client, err := GetClient(tc.config)
 			require.NoError(t, err)
 
 			testBrokenRequest(t, client)
diff --git a/go/internal/gitlabnet/httpsclient_test.go b/go/internal/gitlabnet/httpsclient_test.go
new file mode 100644
index 0000000..b9baad8
--- /dev/null
+++ b/go/internal/gitlabnet/httpsclient_test.go
@@ -0,0 +1,126 @@
+package gitlabnet
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"path"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"gitlab.com/gitlab-org/gitlab-shell/go/internal/config"
+	"gitlab.com/gitlab-org/gitlab-shell/go/internal/gitlabnet/testserver"
+	"gitlab.com/gitlab-org/gitlab-shell/go/internal/testhelper"
+)
+
+func TestSuccessfulRequests(t *testing.T) {
+	testCases := []struct {
+		desc   string
+		config *config.Config
+	}{
+		{
+			desc: "Valid CaFile",
+			config: &config.Config{
+				HttpSettings: config.HttpSettingsConfig{CaFile: path.Join(testhelper.TestRoot, "certs/valid/server.crt")},
+			},
+		},
+		{
+			desc: "Valid CaPath",
+			config: &config.Config{
+				HttpSettings: config.HttpSettingsConfig{CaPath: path.Join(testhelper.TestRoot, "certs/valid")},
+			},
+		},
+		{
+			desc: "Self signed cert option enabled",
+			config: &config.Config{
+				HttpSettings: config.HttpSettingsConfig{SelfSignedCert: true},
+			},
+		},
+		{
+			desc: "Invalid cert with self signed cert option enabled",
+			config: &config.Config{
+				HttpSettings: config.HttpSettingsConfig{SelfSignedCert: true, CaFile: path.Join(testhelper.TestRoot, "certs/valid/server.crt")},
+			},
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.desc, func(t *testing.T) {
+			client, cleanup := setupWithRequests(t, tc.config)
+			defer cleanup()
+
+			response, err := client.Get("/hello")
+			require.NoError(t, err)
+			require.NotNil(t, response)
+
+			defer response.Body.Close()
+
+			responseBody, err := ioutil.ReadAll(response.Body)
+			assert.NoError(t, err)
+			assert.Equal(t, string(responseBody), "Hello")
+		})
+	}
+}
+
+func TestFailedRequests(t *testing.T) {
+	testCases := []struct {
+		desc   string
+		config *config.Config
+	}{
+		{
+			desc: "Invalid CaFile",
+			config: &config.Config{
+				HttpSettings: config.HttpSettingsConfig{CaFile: path.Join(testhelper.TestRoot, "certs/invalid/server.crt")},
+			},
+		},
+		{
+			desc: "Invalid CaPath",
+			config: &config.Config{
+				HttpSettings: config.HttpSettingsConfig{CaPath: path.Join(testhelper.TestRoot, "certs/invalid")},
+			},
+		},
+		{
+			desc:   "Empty config",
+			config: &config.Config{},
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.desc, func(t *testing.T) {
+			client, cleanup := setupWithRequests(t, tc.config)
+			defer cleanup()
+
+			_, err := client.Get("/hello")
+			require.Error(t, err)
+
+			assert.Equal(t, err.Error(), "Internal API unreachable")
+		})
+	}
+}
+
+func setupWithRequests(t *testing.T, config *config.Config) (*GitlabClient, func()) {
+	testDirCleanup, err := testhelper.PrepareTestRootDir()
+	require.NoError(t, err)
+	defer testDirCleanup()
+
+	requests := []testserver.TestRequestHandler{
+		{
+			Path: "/api/v4/internal/hello",
+			Handler: func(w http.ResponseWriter, r *http.Request) {
+				require.Equal(t, http.MethodGet, r.Method)
+
+				fmt.Fprint(w, "Hello")
+			},
+		},
+	}
+
+	cleanup, url, err := testserver.StartHttpsServer(requests)
+	require.NoError(t, err)
+
+	config.GitlabUrl = url
+	client, err := GetClient(config)
+	require.NoError(t, err)
+
+	return client, cleanup
+}
diff --git a/go/internal/gitlabnet/testserver/testserver.go b/go/internal/gitlabnet/testserver/testserver.go
index 3e6499d..bf896e6 100644
--- a/go/internal/gitlabnet/testserver/testserver.go
+++ b/go/internal/gitlabnet/testserver/testserver.go
@@ -1,6 +1,7 @@
 package testserver
 
 import (
+	"crypto/tls"
 	"io/ioutil"
 	"log"
 	"net"
@@ -9,6 +10,8 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+
+	"gitlab.com/gitlab-org/gitlab-shell/go/internal/testhelper"
 )
 
 var (
@@ -50,6 +53,23 @@ func StartHttpServer(handlers []TestRequestHandler) (func(), string, error) {
 	return server.Close, server.URL, nil
 }
 
+func StartHttpsServer(handlers []TestRequestHandler) (func(), string, error) {
+	crt := path.Join(testhelper.TestRoot, "certs/valid/server.crt")
+	key := path.Join(testhelper.TestRoot, "certs/valid/server.key")
+
+	server := httptest.NewUnstartedServer(buildHandler(handlers))
+	cer, err := tls.LoadX509KeyPair(crt, key)
+
+	if err != nil {
+		return nil, "", err
+	}
+
+	server.TLS = &tls.Config{Certificates: []tls.Certificate{cer}}
+	server.StartTLS()
+
+	return server.Close, server.URL, nil
+}
+
 func cleanupSocket() {
 	os.RemoveAll(tempDir)
 }
author	Igor Drozdov <idrozdov@gitlab.com>	2019-04-25 10:19:34 +0300
committer	Igor Drozdov <idrozdov@gitlab.com>	2019-05-01 14:51:39 +0300
commit	8886eb709e290baa6f526dffffe8de9bd4badbbb (patch)
tree	8201cdfb5e9d51bc73c99c6a4181d30fa03ad1ac /go/internal/gitlabnet
parent	344cc6b443e08ec5648fcf8a3035e46bb404fd6a (diff)
download	gitlab-shell-id-api-https.tar.gz