
Commit 3ea8a02

fabriziosestitojvanz
authored andcommitted
test: update tests
Signed-off-by: Fabrizio Sestito <fabrizio.sestito@suse.com>
1 parent ba76870 commit 3ea8a02


2 files changed

+11
-51
lines changed


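--- a/tests/common/mod.rs
+++ b/tests/common/mod.rs
@@ -106,6 +106,7 @@ pub(crate) fn default_test_config() -> Config {
 
 Config {
 addr: SocketAddr::from(([127, 0, 0, 1], 3001)),
+readiness_probe_addr: SocketAddr::from(([127, 0, 0, 1], 3002)),
 sources: None,
 policies,
 policies_download_dir: tempdir().unwrap().into_path(),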

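--- a/tests/integration_test.rs
+++ b/tests/integration_test.rs
@@ -654,23 +654,11 @@ mod certificate_reload_helpers {
 }
 }
 
-pub async fn policy_server_is_ready(
-address: &str,
-client_tls_pem_bundle: Option<String>,
-) -> anyhow::Result<StatusCode> {
+pub async fn policy_server_is_ready(address: &str) -> anyhow::Result<StatusCode> {
 // wait for the server to start
-let mut client_builder = reqwest::Client::builder();
-
-if let Some(tls_data) = client_tls_pem_bundle {
-let identity = reqwest::Identity::from_pem(tls_data.as_bytes())?;
-client_builder = client_builder.identity(identity)
-};
-let client = client_builder
-.danger_accept_invalid_certs(true)
-.build()
-.unwrap();
+let client = reqwest::Client::builder().build().unwrap();
 
-let url = reqwest::Url::parse(&format!("https://{address}/readiness")).unwrap();
+let url = reqwest::Url::parse(&format!("http://{address}/readiness")).unwrap();
 let response = client.get(url).send().await?;
 Ok(response.status())
 }
@@ -704,8 +692,9 @@ async fn test_detect_certificate_rotation() {
 });
 config.policies = HashMap::new();
 
-let domain_ip = config.addr.ip().to_string();
-let domain_port = config.addr.port().to_string();
+let host = config.addr.ip().to_string();
+let port = config.addr.port().to_string();
+let readiness_probe_port = config.readiness_probe_addr.port().to_string();
 
 tokio::spawn(async move {
 let api_server = policy_server::PolicyServer::new_from_config(config)
@@ -719,29 +708,22 @@ async fn test_detect_certificate_rotation() {
 .with_max_delay(Duration::from_secs(30))
 .with_max_times(5);
 
-let client_cert = tls_data_client.cert.clone();
-let client_key = tls_data_client.key.clone();
 let status_code = (|| async {
-policy_server_is_ready(
-format!("{domain_ip}:{domain_port}").as_str(),
-Some(format!("{client_cert}\n{client_key}")),
-)
-.await
+policy_server_is_ready(format!("{host}:{readiness_probe_port}").as_str()).await
 })
 .retry(exponential_backoff)
 .await
 .unwrap();
 assert_eq!(status_code, reqwest::StatusCode::OK);
 
-check_tls_san_name(&domain_ip, &domain_port, hostname1)
+check_tls_san_name(&host, &port, hostname1)
 .await
 .expect("certificate served doesn't use the expected SAN name");
 
 // Generate a new certificate and key, and switch to them
 
 let hostname2 = "cert2.example.com";
 let tls_data2 = create_cert(hostname2);
-let client_ca2 = create_cert(hostname2);
 
 // write only the cert file
 std::fs::write(&cert_file, tls_data2.cert).unwrap();
@@ -750,7 +732,7 @@ async fn test_detect_certificate_rotation() {
 tokio::time::sleep(std::time::Duration::from_secs(4)).await;
 
 // the old certificate should still be in use, since we didn't change also the key
-check_tls_san_name(&domain_ip, &domain_port, hostname1)
+check_tls_san_name(&host, &port, hostname1)
 .await
 .expect("certificate should not have been changed");
 
@@ -760,32 +742,9 @@ async fn test_detect_certificate_rotation() {
 // give inotify some time to ensure it detected the cert change,
 // also give axum some time to complete the certificate reload
 tokio::time::sleep(std::time::Duration::from_secs(4)).await;
-check_tls_san_name(&domain_ip, &domain_port, hostname2)
+check_tls_san_name(&host, &port, hostname2)
 .await
 .expect("certificate hasn't been reloaded");
-
-// Let test if the server is reloading client certificate
-std::fs::write(&client_ca, client_ca2.cert.clone()).unwrap();
-
-// give inotify some time to ensure it detected the cert change
-tokio::time::sleep(std::time::Duration::from_secs(4)).await;
-
-assert!(policy_server_is_ready(
-format!("{domain_ip}:{domain_port}").as_str(),
-Some(format!("{client_cert}\n{client_key}")),
-)
-.await
-.is_err());
-
-let client_cert = client_ca2.cert.clone();
-let client_key = client_ca2.key.clone();
-let status_code = policy_server_is_ready(
-format!("{domain_ip}:{domain_port}").as_str(),
-Some(format!("{client_cert}\n{client_key}")),
-)
-.await
-.unwrap();
-assert_eq!(status_code, reqwest::StatusCode::OK);
 }
 
 #[tokio::test]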
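Review bot: Nothing in `test_detect_certificate_rotation` exercises client-certificate verification any more. The readiness check now goes over plain `http://` to `readiness_probe_port`, and the remaining assertions only call `check_tls_san_name`, which by its name and messages checks the served certificate. If the config built above the first hunk of this test still sets a client CA (not visible on this page), `tls_data_client` and `client_ca` are probably left unused, and the client CA reload path has no regression test. I would keep one assertion against the TLS port that a request without a client identity is refused, or at least end the test with a comment such as `// client CA reload is not covered here; /readiness is served over plain HTTP on readiness_probe_addr`. The test function starts and its setup sits outside the hunks shown, so this should be confirmed against the full file.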
