integration-tests: TLS policy configuration options (#708)

* integration-tests: switch to go for backends to support TLS scenarios

* fix apply order

* generate additional tls certs

* integration-tests: tls_skip_verify option

* integration-tests: wait for openid to come up before starting authenticate

* add tls_server_name test

* add test for tls_custom_ca

* increase setup timeout to 15 minutes

* fix secret name reference

* mtls wip

* mtls wip

* add test for client_cert
Caleb Doxsey 2020-05-15 16:37:09 -06:00 committed by GitHub
parent 397d4a9f51
commit 49067c8f06
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 606 additions and 209 deletions


@ -36,7 +36,7 @@ func (cluster *Cluster) Setup(ctx context.Context) error {
return fmt.Errorf("error running kubectl cluster-info: %w", err)
}
cluster.certs, err = bootstrapCerts(ctx)
cluster.certsBundle, err = bootstrapCerts(ctx)
if err != nil {
return err
}
@ -145,9 +145,21 @@ func (cluster *Cluster) generateManifests() (string, error) {
}
vm := jsonnet.MakeVM()
vm.ExtVar("tls-ca", cluster.certs.CA)
vm.ExtVar("tls-cert", cluster.certs.Cert)
vm.ExtVar("tls-key", cluster.certs.Key)
for _, item := range []struct {
name string
certs *TLSCerts
}{
{"trusted", &cluster.certsBundle.Trusted},
{"wrongly-named", &cluster.certsBundle.WronglyNamed},
{"untrusted", &cluster.certsBundle.Untrusted},
} {
vm.ExtVar("tls-"+item.name+"-ca", string(item.certs.CA))
vm.ExtVar("tls-"+item.name+"-cert", string(item.certs.Cert))
vm.ExtVar("tls-"+item.name+"-key", string(item.certs.Key))
vm.ExtVar("tls-"+item.name+"-client-cert", string(item.certs.Client.Cert))
vm.ExtVar("tls-"+item.name+"-client-key", string(item.certs.Client.Key))
}
vm.Importer(&jsonnet.FileImporter{
JPaths: []string{filepath.Join(cluster.workingDir, "manifests")},
})
@ -166,7 +178,7 @@ func applyManifests(ctx context.Context, jsonsrc string) error {
}
log.Info().Msg("waiting for deployments to come up")
ctx, clearTimeout := context.WithTimeout(ctx, 5*time.Minute)
ctx, clearTimeout := context.WithTimeout(ctx, 15*time.Minute)
defer clearTimeout()
ticker := time.NewTicker(time.Second * 5)
defer ticker.Stop()
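Review bot: In the `generateManifests` hunk, the new loop passes each bundle's server and client private key (`tls-<name>-key`, `tls-<name>-client-key`) into jsonnet ext vars, so the rendered manifest string this function returns presumably contains key material in the clear. Nothing in the visible lines records that constraint, and a later debug log or on-disk dump of the rendered JSON would expose the keys; a comment above the loop such as `// NOTE: these ext vars carry private keys; do not log or persist the rendered manifests.` would make it explicit. The bundle names `trusted`, `wrongly-named` and `untrusted` are also an unwritten contract with the jsonnet files, which have to reference the exact `tls-<name>-*` variables, so naming them as constants or listing the expected ext vars in that comment would help keep the two sides in sync. The function body starts and ends outside the hunk.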