mirror of
https://github.com/pomerium/pomerium.git
synced 2025-08-02 16:30:17 +02:00
379abecab1
Update the integration test libsonnet templates to assign a fixed IP address to the trusted-httpdetails service. This requires also assigning a fixed IP subnet to the docker network. Configure a route with a 'to' URL using https and this fixed IP address. Add a corresponding certificate with the IP address. Finally, add a test case that makes a request to this route.
101 lines
2.6 KiB
Jsonnet
101 lines
2.6 KiB
Jsonnet
local utils = import '../utils.libsonnet';
|
|
|
|
local Variations() =
|
|
[
|
|
{
|
|
name: 'trusted',
|
|
cert: importstr '../files/trusted-sans.pem',
|
|
key: importstr '../files/trusted-sans-key.pem',
|
|
ipv4Address: '172.20.0.50',
|
|
},
|
|
{
|
|
name: 'trusted-1',
|
|
cert: importstr '../files/trusted.pem',
|
|
key: importstr '../files/trusted-key.pem',
|
|
},
|
|
{
|
|
name: 'trusted-2',
|
|
cert: importstr '../files/trusted.pem',
|
|
key: importstr '../files/trusted-key.pem',
|
|
},
|
|
{
|
|
name: 'trusted-3',
|
|
cert: importstr '../files/trusted.pem',
|
|
key: importstr '../files/trusted-key.pem',
|
|
},
|
|
{
|
|
name: 'untrusted',
|
|
cert: importstr '../files/untrusted.pem',
|
|
key: importstr '../files/untrusted-key.pem',
|
|
},
|
|
{
|
|
name: 'wrongly-named',
|
|
cert: importstr '../files/invalid.pem',
|
|
key: importstr '../files/invalid-key.pem',
|
|
},
|
|
];
|
|
|
|
local Command(variation) =
|
|
[
|
|
'sh',
|
|
'-c',
|
|
|||
|
|
cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem
|
|
%s
|
|
END_OF_HTTPDETAILS
|
|
cat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem
|
|
%s
|
|
END_OF_HTTPDETAILS
|
|
node ./index.js
|
|
||| % [variation.cert, variation.key],
|
|
];
|
|
|
|
function() {
|
|
local suffix = 'httpdetails',
|
|
local image = 'mendhak/http-https-echo:19',
|
|
|
|
compose: {
|
|
services: std.foldl(
|
|
function(acc, variation)
|
|
acc +
|
|
utils.ComposeService(variation.name + '-' + suffix, {
|
|
image: image,
|
|
command: Command(variation),
|
|
[if std.get(variation, 'ipv4Address') != null then 'networks']: {
|
|
main: {
|
|
ipv4_address: variation.ipv4Address,
|
|
}
|
|
},
|
|
}) +
|
|
utils.ComposeService(variation.name + '-' + suffix + '-ready', {
|
|
image: 'jwilder/dockerize:0.6.1',
|
|
command: [
|
|
'-wait',
|
|
'http://' + variation.name + '-' + suffix + ':8080',
|
|
'-timeout',
|
|
'10m',
|
|
],
|
|
}),
|
|
Variations(),
|
|
{}
|
|
),
|
|
|
|
},
|
|
kubernetes: std.foldl(
|
|
function(acc, variation)
|
|
acc + [
|
|
utils.KubernetesDeployment(variation.name + '-' + suffix, {
|
|
image: image,
|
|
args: Command(variation),
|
|
ports: [
|
|
{ name: 'http', containerPort: 8080 },
|
|
{ name: 'https', containerPort: 8443 },
|
|
],
|
|
}),
|
|
utils.KubernetesService(variation.name + '-' + suffix, [
|
|
{ name: 'http', port: 8080, targetPort: 'http' },
|
|
{ name: 'https', port: 8443, targetPort: 'https' },
|
|
]),
|
|
], Variations(), []
|
|
),
|
|
}
|