mirror of
https://github.com/pomerium/pomerium.git
synced 2025-06-24 21:48:23 +02:00
integration-tests: TLS policy configuration options (#708)
* integration-tests: switch to go for backends to support TLS scenarios * fix apply order * generate additional tls certs * integration-tests: tls_skip_verify option * integration-tests: wait for openid to come up before starting authenticate * add tls_server_name test * add test for tls_custom_ca * increase setup timeout to 15 minutes * fix secret name reference * mtls wip * mtls wip * add test for client_cert
This commit is contained in:
Caleb Doxsey
GitHub
parent
397d4a9f51
commit
49067c8f06
11 changed files with 606 additions and 209 deletions
|
|
@ -180,3 +180,159 @@ func TestWebsocket(t *testing.T) {
|
|||
assert.NoError(t, err, "expected no error when reading json from websocket")
|
||||
})
|
||||
}
|
||||
|
||||
func TestTLSSkipVerify(t *testing.T) {
|
||||
ctx := mainCtx
|
||||
ctx, clearTimeout := context.WithTimeout(ctx, time.Second*30)
|
||||
defer clearTimeout()
|
||||
|
||||
t.Run("enabled", func(t *testing.T) {
|
||||
client := testcluster.NewHTTPClient()
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", "https://httpdetails.localhost.pomerium.io/tls-skip-verify-enabled", nil)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
res, err := client.Do(req)
|
||||
if !assert.NoError(t, err, "unexpected http error") {
|
||||
return
|
||||
}
|
||||
defer res.Body.Close()
|
||||
|
||||
assert.Equal(t, http.StatusOK, res.StatusCode)
|
||||
})
|
||||
t.Run("disabled", func(t *testing.T) {
|
||||
client := testcluster.NewHTTPClient()
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", "https://httpdetails.localhost.pomerium.io/tls-skip-verify-disabled", nil)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
res, err := client.Do(req)
|
||||
if !assert.NoError(t, err, "unexpected http error") {
|
||||
return
|
||||
}
|
||||
defer res.Body.Close()
|
||||
|
||||
assert.Equal(t, http.StatusBadGateway, res.StatusCode)
|
||||
})
|
||||
}
|
||||
|
||||
func TestTLSServerName(t *testing.T) {
|
||||
ctx := mainCtx
|
||||
ctx, clearTimeout := context.WithTimeout(ctx, time.Second*30)
|
||||
defer clearTimeout()
|
||||
|
||||
t.Run("enabled", func(t *testing.T) {
|
||||
client := testcluster.NewHTTPClient()
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", "https://httpdetails.localhost.pomerium.io/tls-server-name-enabled", nil)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
res, err := client.Do(req)
|
||||
if !assert.NoError(t, err, "unexpected http error") {
|
||||
return
|
||||
}
|
||||
defer res.Body.Close()
|
||||
|
||||
assert.Equal(t, http.StatusOK, res.StatusCode)
|
||||
})
|
||||
t.Run("disabled", func(t *testing.T) {
|
||||
client := testcluster.NewHTTPClient()
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", "https://httpdetails.localhost.pomerium.io/tls-server-name-disabled", nil)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
res, err := client.Do(req)
|
||||
if !assert.NoError(t, err, "unexpected http error") {
|
||||
return
|
||||
}
|
||||
defer res.Body.Close()
|
||||
|
||||
assert.Equal(t, http.StatusBadGateway, res.StatusCode)
|
||||
})
|
||||
}
|
||||
|
||||
func TestTLSCustomCA(t *testing.T) {
|
||||
ctx := mainCtx
|
||||
ctx, clearTimeout := context.WithTimeout(ctx, time.Second*30)
|
||||
defer clearTimeout()
|
||||
|
||||
t.Run("enabled", func(t *testing.T) {
|
||||
client := testcluster.NewHTTPClient()
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", "https://httpdetails.localhost.pomerium.io/tls-custom-ca-enabled", nil)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
res, err := client.Do(req)
|
||||
if !assert.NoError(t, err, "unexpected http error") {
|
||||
return
|
||||
}
|
||||
defer res.Body.Close()
|
||||
|
||||
assert.Equal(t, http.StatusOK, res.StatusCode)
|
||||
})
|
||||
t.Run("disabled", func(t *testing.T) {
|
||||
client := testcluster.NewHTTPClient()
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", "https://httpdetails.localhost.pomerium.io/tls-custom-ca-disabled", nil)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
res, err := client.Do(req)
|
||||
if !assert.NoError(t, err, "unexpected http error") {
|
||||
return
|
||||
}
|
||||
defer res.Body.Close()
|
||||
|
||||
assert.Equal(t, http.StatusBadGateway, res.StatusCode)
|
||||
})
|
||||
}
|
||||
|
||||
func TestTLSClientCert(t *testing.T) {
|
||||
ctx := mainCtx
|
||||
ctx, clearTimeout := context.WithTimeout(ctx, time.Second*30)
|
||||
defer clearTimeout()
|
||||
|
||||
t.Run("enabled", func(t *testing.T) {
|
||||
client := testcluster.NewHTTPClient()
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", "https://httpdetails.localhost.pomerium.io/tls-client-cert-enabled", nil)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
res, err := client.Do(req)
|
||||
if !assert.NoError(t, err, "unexpected http error") {
|
||||
return
|
||||
}
|
||||
defer res.Body.Close()
|
||||
|
||||
assert.Equal(t, http.StatusOK, res.StatusCode)
|
||||
})
|
||||
t.Run("disabled", func(t *testing.T) {
|
||||
client := testcluster.NewHTTPClient()
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", "https://httpdetails.localhost.pomerium.io/tls-client-cert-disabled", nil)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
res, err := client.Do(req)
|
||||
if !assert.NoError(t, err, "unexpected http error") {
|
||||
return
|
||||
}
|
||||
defer res.Body.Close()
|
||||
|
||||
assert.Equal(t, http.StatusBadGateway, res.StatusCode)
|
||||
})
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue