shaba/traefik
1
0
Fork 0
mirror of https://github.com/containous/traefik.git synced 2025-03-17 10:50:11 +03:00
Code Releases Activity
traefik/integration/acme_test.go

506 lines
12 KiB
Go
Raw Permalink Normal View History

Update traefik dependencies (docker/docker and related) (#1823) Update traefik dependencies (docker/docker and related) - Update dependencies - Fix compilation problems - Remove vdemeester/docker-events (in docker api now) - Remove `integration/vendor` - Use `testImport` - update some deps. - regenerate the lock from scratch (after a `glide cc`)
2017-07-06 16:28:13 +02:00
package integration
Add ACME/Let’s Encrypt integration tests Thx @gwallet for the help.
2016-12-12 18:30:31 +01:00
import (
"crypto/tls"
Add option to select algorithm to generate ACME certificates
2018-05-16 11:44:03 +02:00
"crypto/x509"
Merge branch 'v1.3'
2017-06-27 14:42:12 +02:00
"fmt"
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
"io/ioutil"
Add ACME/Let’s Encrypt integration tests Thx @gwallet for the help.
2016-12-12 18:30:31 +01:00
"net/http"
Display Traefik logs in integration test
2017-09-13 10:34:04 +02:00
"os"
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
"path/filepath"
Add ACME/Let’s Encrypt integration tests Thx @gwallet for the help.
2016-12-12 18:30:31 +01:00
"time"
"github.com/go-check/check"
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
"github.com/miekg/dns"
chore: move to Traefik organization. Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2020-09-16 15:46:04 +02:00
"github.com/traefik/traefik/v2/integration/try"
"github.com/traefik/traefik/v2/pkg/config/static"
"github.com/traefik/traefik/v2/pkg/provider/acme"
"github.com/traefik/traefik/v2/pkg/testhelpers"
"github.com/traefik/traefik/v2/pkg/types"
Add ACME/Let’s Encrypt integration tests Thx @gwallet for the help.
2016-12-12 18:30:31 +01:00
checker "github.com/vdemeester/shakers"
)
Update linter
2020-05-11 12:06:07 +02:00
// ACME test suites (using libcompose).
Add ACME/Let’s Encrypt integration tests Thx @gwallet for the help.
2016-12-12 18:30:31 +01:00
type AcmeSuite struct {
BaseSuite
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
pebbleIP string
fakeDNSServer *dns.Server
Add ACME/Let’s Encrypt integration tests Thx @gwallet for the help.
2016-12-12 18:30:31 +01:00
}
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
type subCases struct {
host string
expectedCommonName string
expectedAlgorithm x509.PublicKeyAlgorithm
}
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
type acmeTestCase struct {
template templateModel
feature: Add provided certificates check before to generate ACME certificate when OnHostRule is activated - ADD TI to check the new behaviour with onHostRule and provided certificates - ADD TU on the getProvidedCertificate method
2017-06-19 13:22:41 +02:00
traefikConfFilePath string
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
subCases []subCases
Add ACME/Let’s Encrypt integration tests Thx @gwallet for the help.
2016-12-12 18:30:31 +01:00
}
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
type templateModel struct {
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
Domains []types.Domain
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
PortHTTP string
PortHTTPS string
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
Acme map[string]static.CertificateResolver
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
}
Merge branch 'v1.3'
2017-06-27 14:42:12 +02:00
const (
// Domain to check
acmeDomain = "traefik.acme.wtf"
feature: Add provided certificates check before to generate ACME certificate when OnHostRule is activated - ADD TI to check the new behaviour with onHostRule and provided certificates - ADD TU on the getProvidedCertificate method
2017-06-19 13:22:41 +02:00
Merge branch 'v1.3'
2017-06-27 14:42:12 +02:00
// Wildcard domain to check
wildcardDomain = "*.acme.wtf"
)
feature: Add provided certificates check before to generate ACME certificate when OnHostRule is activated - ADD TI to check the new behaviour with onHostRule and provided certificates - ADD TU on the getProvidedCertificate method
2017-06-19 13:22:41 +02:00
Simplify acme e2e tests.
2018-06-27 15:08:05 +02:00
func (s *AcmeSuite) getAcmeURL() string {
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
return fmt.Sprintf("https://%s:14000/dir", s.pebbleIP)
}
func setupPebbleRootCA() (*http.Transport, error) {
path, err := filepath.Abs("fixtures/acme/ssl/pebble.minica.pem")
if err != nil {
return nil, err
}
os.Setenv("LEGO_CA_CERTIFICATES", path)
os.Setenv("LEGO_CA_SERVER_NAME", "pebble")
customCAs, err := ioutil.ReadFile(path)
if err != nil {
return nil, err
}
certPool := x509.NewCertPool()
if ok := certPool.AppendCertsFromPEM(customCAs); !ok {
Update linter
2020-05-11 12:06:07 +02:00
return nil, fmt.Errorf("error creating x509 cert pool from %q: %w", path, err)
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
}
return &http.Transport{
TLSClientConfig: &tls.Config{
ServerName: "pebble",
RootCAs: certPool,
},
}, nil
Simplify acme e2e tests.
2018-06-27 15:08:05 +02:00
}
Add ACME/Let’s Encrypt integration tests Thx @gwallet for the help.
2016-12-12 18:30:31 +01:00
func (s *AcmeSuite) SetUpSuite(c *check.C) {
Use official Pebble Image.
2018-08-01 16:56:04 +02:00
s.createComposeProject(c, "pebble")
Add ACME/Let’s Encrypt integration tests Thx @gwallet for the help.
2016-12-12 18:30:31 +01:00
s.composeProject.Start(c)
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
s.fakeDNSServer = startFakeDNSServer()
s.pebbleIP = s.composeProject.Container(c, "pebble").NetworkSettings.IPAddress
pebbleTransport, err := setupPebbleRootCA()
if err != nil {
c.Fatal(err)
}
Use official Pebble Image.
2018-08-01 16:56:04 +02:00
// wait for pebble
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
req := testhelpers.MustNewRequest(http.MethodGet, s.getAcmeURL(), nil)
client := &http.Client{
Transport: pebbleTransport,
}
Add ACME/Let’s Encrypt integration tests Thx @gwallet for the help.
2016-12-12 18:30:31 +01:00
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
err = try.Do(5*time.Second, func() error {
resp, errGet := client.Do(req)
if errGet != nil {
return errGet
}
return try.StatusCodeIs(http.StatusOK)(resp)
})
Add ACME/Let’s Encrypt integration tests Thx @gwallet for the help.
2016-12-12 18:30:31 +01:00
c.Assert(err, checker.IsNil)
}
func (s *AcmeSuite) TearDownSuite(c *check.C) {
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
err := s.fakeDNSServer.Shutdown()
if err != nil {
c.Log(err)
}
Add ACME/Let’s Encrypt integration tests Thx @gwallet for the help.
2016-12-12 18:30:31 +01:00
// shutdown and delete compose project
if s.composeProject != nil {
s.composeProject.Stop(c)
}
}
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
func (s *AcmeSuite) TestHTTP01Domains(c *check.C) {
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
testCase := acmeTestCase{
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
traefikConfFilePath: "fixtures/acme/acme_domains.toml",
subCases: []subCases{{
host: acmeDomain,
expectedCommonName: acmeDomain,
expectedAlgorithm: x509.RSA,
}},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
template: templateModel{
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
Domains: []types.Domain{{
Main: "traefik.acme.wtf",
}},
Acme: map[string]static.CertificateResolver{
"default": {ACME: &acme.Configuration{
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "web"},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
}},
},
Simplify acme e2e tests.
2018-06-27 15:08:05 +02:00
},
}
Merge branch 'v1.3'
2017-06-27 14:42:12 +02:00
s.retrieveAcmeCertificate(c, testCase)
feature: Add provided certificates check before to generate ACME certificate when OnHostRule is activated - ADD TI to check the new behaviour with onHostRule and provided certificates - ADD TU on the getProvidedCertificate method
2017-06-19 13:22:41 +02:00
}
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
func (s *AcmeSuite) TestHTTP01DomainsInSAN(c *check.C) {
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
testCase := acmeTestCase{
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
traefikConfFilePath: "fixtures/acme/acme_domains.toml",
subCases: []subCases{{
host: acmeDomain,
expectedCommonName: "acme.wtf",
expectedAlgorithm: x509.RSA,
}},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
template: templateModel{
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
Domains: []types.Domain{{
Main: "acme.wtf",
SANs: []string{"traefik.acme.wtf"},
}},
Acme: map[string]static.CertificateResolver{
"default": {ACME: &acme.Configuration{
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "web"},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
}},
},
Simplify acme e2e tests.
2018-06-27 15:08:05 +02:00
},
}
Create ACME Provider
2018-03-05 20:54:04 +01:00
s.retrieveAcmeCertificate(c, testCase)
}
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
func (s *AcmeSuite) TestHTTP01OnHostRule(c *check.C) {
testCase := acmeTestCase{
Serve TLS-Challenge certificate in first
2018-07-12 19:10:03 +02:00
traefikConfFilePath: "fixtures/acme/acme_base.toml",
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
subCases: []subCases{{
host: acmeDomain,
expectedCommonName: acmeDomain,
expectedAlgorithm: x509.RSA,
}},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
template: templateModel{
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
Acme: map[string]static.CertificateResolver{
"default": {ACME: &acme.Configuration{
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "web"},
}},
},
},
}
s.retrieveAcmeCertificate(c, testCase)
}
func (s *AcmeSuite) TestMultipleResolver(c *check.C) {
testCase := acmeTestCase{
traefikConfFilePath: "fixtures/acme/acme_multiple_resolvers.toml",
subCases: []subCases{
{
host: acmeDomain,
expectedCommonName: acmeDomain,
expectedAlgorithm: x509.RSA,
},
{
host: "tchouk.acme.wtf",
expectedCommonName: "tchouk.acme.wtf",
expectedAlgorithm: x509.ECDSA,
},
},
template: templateModel{
Acme: map[string]static.CertificateResolver{
"default": {ACME: &acme.Configuration{
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "web"},
}},
"tchouk": {ACME: &acme.Configuration{
TLSChallenge: &acme.TLSChallenge{},
KeyType: "EC256",
}},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
},
Simplify acme e2e tests.
2018-06-27 15:08:05 +02:00
},
}
Add option to select algorithm to generate ACME certificates
2018-05-16 11:44:03 +02:00
s.retrieveAcmeCertificate(c, testCase)
}
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
func (s *AcmeSuite) TestHTTP01OnHostRuleECDSA(c *check.C) {
testCase := acmeTestCase{
Serve TLS-Challenge certificate in first
2018-07-12 19:10:03 +02:00
traefikConfFilePath: "fixtures/acme/acme_base.toml",
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
subCases: []subCases{{
host: acmeDomain,
expectedCommonName: acmeDomain,
expectedAlgorithm: x509.ECDSA,
}},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
template: templateModel{
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
Acme: map[string]static.CertificateResolver{
"default": {ACME: &acme.Configuration{
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "web"},
KeyType: "EC384",
}},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
},
Simplify acme e2e tests.
2018-06-27 15:08:05 +02:00
},
}
Add option to select algorithm to generate ACME certificates
2018-05-16 11:44:03 +02:00
s.retrieveAcmeCertificate(c, testCase)
}
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
func (s *AcmeSuite) TestHTTP01OnHostRuleInvalidAlgo(c *check.C) {
testCase := acmeTestCase{
Serve TLS-Challenge certificate in first
2018-07-12 19:10:03 +02:00
traefikConfFilePath: "fixtures/acme/acme_base.toml",
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
subCases: []subCases{{
host: acmeDomain,
expectedCommonName: acmeDomain,
expectedAlgorithm: x509.RSA,
}},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
template: templateModel{
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
Acme: map[string]static.CertificateResolver{
"default": {ACME: &acme.Configuration{
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "web"},
KeyType: "INVALID",
}},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
},
Simplify acme e2e tests.
2018-06-27 15:08:05 +02:00
},
}
Merge branch 'v1.3'
2017-06-27 14:42:12 +02:00
s.retrieveAcmeCertificate(c, testCase)
feature: Add provided certificates check before to generate ACME certificate when OnHostRule is activated - ADD TI to check the new behaviour with onHostRule and provided certificates - ADD TU on the getProvidedCertificate method
2017-06-19 13:22:41 +02:00
}
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
func (s *AcmeSuite) TestHTTP01OnHostRuleDefaultDynamicCertificatesWithWildcard(c *check.C) {
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
testCase := acmeTestCase{
traefikConfFilePath: "fixtures/acme/acme_tls.toml",
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
subCases: []subCases{{
host: acmeDomain,
expectedCommonName: wildcardDomain,
expectedAlgorithm: x509.RSA,
}},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
template: templateModel{
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
Acme: map[string]static.CertificateResolver{
"default": {ACME: &acme.Configuration{
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "web"},
}},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
},
Simplify acme e2e tests.
2018-06-27 15:08:05 +02:00
},
}
Add Let's Encrypt HTTP Challenge
2018-01-15 16:04:05 +01:00
s.retrieveAcmeCertificate(c, testCase)
}
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
func (s *AcmeSuite) TestHTTP01OnHostRuleDynamicCertificatesWithWildcard(c *check.C) {
testCase := acmeTestCase{
traefikConfFilePath: "fixtures/acme/acme_tls_dynamic.toml",
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
subCases: []subCases{{
host: acmeDomain,
expectedCommonName: wildcardDomain,
expectedAlgorithm: x509.RSA,
}},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
template: templateModel{
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
Acme: map[string]static.CertificateResolver{
"default": {ACME: &acme.Configuration{
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "web"},
}},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
},
Simplify acme e2e tests.
2018-06-27 15:08:05 +02:00
},
}
Add Let's Encrypt HTTP Challenge
2018-01-15 16:04:05 +01:00
s.retrieveAcmeCertificate(c, testCase)
}
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
func (s *AcmeSuite) TestTLSALPN01OnHostRuleTCP(c *check.C) {
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
testCase := acmeTestCase{
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
traefikConfFilePath: "fixtures/acme/acme_tcp.toml",
subCases: []subCases{{
host: acmeDomain,
expectedCommonName: acmeDomain,
expectedAlgorithm: x509.RSA,
}},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
template: templateModel{
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
Acme: map[string]static.CertificateResolver{
"default": {ACME: &acme.Configuration{
TLSChallenge: &acme.TLSChallenge{},
}},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
},
Simplify acme e2e tests.
2018-06-27 15:08:05 +02:00
},
}
Make the TLS certificates management dynamic.
2017-11-09 12:16:03 +01:00
s.retrieveAcmeCertificate(c, testCase)
}
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
func (s *AcmeSuite) TestTLSALPN01OnHostRule(c *check.C) {
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
testCase := acmeTestCase{
Serve TLS-Challenge certificate in first
2018-07-12 19:10:03 +02:00
traefikConfFilePath: "fixtures/acme/acme_base.toml",
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
subCases: []subCases{{
host: acmeDomain,
expectedCommonName: acmeDomain,
expectedAlgorithm: x509.RSA,
}},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
template: templateModel{
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
Acme: map[string]static.CertificateResolver{
"default": {ACME: &acme.Configuration{
TLSChallenge: &acme.TLSChallenge{},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
}},
},
},
}
s.retrieveAcmeCertificate(c, testCase)
}
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
func (s *AcmeSuite) TestTLSALPN01Domains(c *check.C) {
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
testCase := acmeTestCase{
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
traefikConfFilePath: "fixtures/acme/acme_domains.toml",
subCases: []subCases{{
host: acmeDomain,
expectedCommonName: acmeDomain,
expectedAlgorithm: x509.RSA,
}},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
template: templateModel{
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
Domains: []types.Domain{{
Main: "traefik.acme.wtf",
}},
Acme: map[string]static.CertificateResolver{
"default": {ACME: &acme.Configuration{
TLSChallenge: &acme.TLSChallenge{},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
}},
},
Simplify acme e2e tests.
2018-06-27 15:08:05 +02:00
},
}
Make the TLS certificates management dynamic.
2017-11-09 12:16:03 +01:00
s.retrieveAcmeCertificate(c, testCase)
feature: Add provided certificates check before to generate ACME certificate when OnHostRule is activated - ADD TI to check the new behaviour with onHostRule and provided certificates - ADD TU on the getProvidedCertificate method
2017-06-19 13:22:41 +02:00
}
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
func (s *AcmeSuite) TestTLSALPN01DomainsInSAN(c *check.C) {
Serve TLS-Challenge certificate in first
2018-07-12 19:10:03 +02:00
testCase := acmeTestCase{
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
traefikConfFilePath: "fixtures/acme/acme_domains.toml",
subCases: []subCases{{
host: acmeDomain,
expectedCommonName: "acme.wtf",
expectedAlgorithm: x509.RSA,
}},
Serve TLS-Challenge certificate in first
2018-07-12 19:10:03 +02:00
template: templateModel{
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
Domains: []types.Domain{{
Main: "acme.wtf",
SANs: []string{"traefik.acme.wtf"},
}},
Acme: map[string]static.CertificateResolver{
"default": {ACME: &acme.Configuration{
TLSChallenge: &acme.TLSChallenge{},
Serve TLS-Challenge certificate in first
2018-07-12 19:10:03 +02:00
}},
},
},
}
s.retrieveAcmeCertificate(c, testCase)
}
Update linter
2020-05-11 12:06:07 +02:00
// Test Let's encrypt down.
Traefik still start when Let's encrypt is down
2018-02-05 18:20:04 +01:00
func (s *AcmeSuite) TestNoValidLetsEncryptServer(c *check.C) {
Serve TLS-Challenge certificate in first
2018-07-12 19:10:03 +02:00
file := s.adaptFile(c, "fixtures/acme/acme_base.toml", templateModel{
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
Acme: map[string]static.CertificateResolver{
"default": {ACME: &acme.Configuration{
CAServer: "http://wrongurl:4001/directory",
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "web"},
}},
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
},
Simplify acme e2e tests.
2018-06-27 15:08:05 +02:00
})
defer os.Remove(file)
cmd, display := s.traefikCmd(withConfigFile(file))
Traefik still start when Let's encrypt is down
2018-02-05 18:20:04 +01:00
defer display(c)
err := cmd.Start()
c.Assert(err, checker.IsNil)
fix: flaky integration tests
2020-10-09 09:32:03 +02:00
defer s.killCmd(cmd)
Traefik still start when Let's encrypt is down
2018-02-05 18:20:04 +01:00
// Expected traefik works
API: expose runtime representation Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-05-16 10:58:06 +02:00
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 10*time.Second, try.StatusCodeIs(http.StatusOK))
Traefik still start when Let's encrypt is down
2018-02-05 18:20:04 +01:00
c.Assert(err, checker.IsNil)
}
feature: Add provided certificates check before to generate ACME certificate when OnHostRule is activated - ADD TI to check the new behaviour with onHostRule and provided certificates - ADD TU on the getProvidedCertificate method
2017-06-19 13:22:41 +02:00
Update linter
2020-05-11 12:06:07 +02:00
// Doing an HTTPS request and test the response certificate.
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase acmeTestCase) {
if len(testCase.template.PortHTTP) == 0 {
testCase.template.PortHTTP = ":5002"
}
if len(testCase.template.PortHTTPS) == 0 {
testCase.template.PortHTTPS = ":5001"
}
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
for _, value := range testCase.template.Acme {
if len(value.ACME.CAServer) == 0 {
value.ACME.CAServer = s.getAcmeURL()
}
ACME TLS ALPN
2018-07-03 12:44:04 +02:00
}
file := s.adaptFile(c, testCase.traefikConfFilePath, testCase.template)
Display Traefik logs in integration test
2017-09-13 10:34:04 +02:00
defer os.Remove(file)
Merge branch 'v1.3'
2017-06-27 14:42:12 +02:00
Display Traefik logs in integration test
2017-09-13 10:34:04 +02:00
cmd, display := s.traefikCmd(withConfigFile(file))
defer display(c)
Add ACME/Let’s Encrypt integration tests Thx @gwallet for the help.
2016-12-12 18:30:31 +01:00
err := cmd.Start()
c.Assert(err, checker.IsNil)
fix: flaky integration tests
2020-10-09 09:32:03 +02:00
defer s.killCmd(cmd)
Fix acme.json file automatic creation
2018-04-10 10:52:04 +02:00
// A real file is needed to have the right mode on acme.json file
defer os.Remove("/tmp/acme.json")
Add ACME/Let’s Encrypt integration tests Thx @gwallet for the help.
2016-12-12 18:30:31 +01:00
Fix domain fronting Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
2020-07-17 15:38:04 +02:00
backend := startTestServer("9010", http.StatusOK, "")
Add ACME/Let’s Encrypt integration tests Thx @gwallet for the help.
2016-12-12 18:30:31 +01:00
defer backend.Close()
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
for _, sub := range testCase.subCases {
client := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
},
}
Add ACME/Let’s Encrypt integration tests Thx @gwallet for the help.
2016-12-12 18:30:31 +01:00
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
// wait for traefik (generating acme account take some seconds)
err = try.Do(60*time.Second, func() error {
_, errGet := client.Get("https://127.0.0.1:5001")
return errGet
})
c.Assert(err, checker.IsNil)
client = &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
ServerName: sub.host,
},
Simplify acme e2e tests.
2018-06-27 15:08:05 +02:00
},
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
}
Merge branch 'v1.3'
2017-06-27 14:42:12 +02:00
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
req := testhelpers.MustNewRequest(http.MethodGet, "https://127.0.0.1:5001/", nil)
req.Host = sub.host
req.Header.Set("Host", sub.host)
req.Header.Set("Accept", "*/*")
feature: Add provided certificates check before to generate ACME certificate when OnHostRule is activated - ADD TI to check the new behaviour with onHostRule and provided certificates - ADD TU on the getProvidedCertificate method
2017-06-19 13:22:41 +02:00
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
var resp *http.Response
Merge branch 'v1.3'
2017-06-27 14:42:12 +02:00
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
// Retry to send a Request which uses the LE generated certificate
err = try.Do(60*time.Second, func() error {
resp, err = client.Do(req)
Merge branch 'v1.3'
2017-06-27 14:42:12 +02:00
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
// /!\ If connection is not closed, SSLHandshake will only be done during the first trial /!\
req.Close = true
Merge branch 'v1.3'
2017-06-27 14:42:12 +02:00
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
if err != nil {
return err
}
Merge branch 'v1.3'
2017-06-27 14:42:12 +02:00
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
cn := resp.TLS.PeerCertificates[0].Subject.CommonName
if cn != sub.expectedCommonName {
return fmt.Errorf("domain %s found instead of %s", cn, sub.expectedCommonName)
}
Merge branch 'v1.3'
2017-06-27 14:42:12 +02:00
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
return nil
})
Merge branch 'v1.3'
2017-06-27 14:42:12 +02:00
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00
c.Assert(err, checker.IsNil)
c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
// Check Domain into response certificate
c.Assert(resp.TLS.PeerCertificates[0].Subject.CommonName, checker.Equals, sub.expectedCommonName)
c.Assert(resp.TLS.PeerCertificates[0].PublicKeyAlgorithm, checker.Equals, sub.expectedAlgorithm)
}
Add ACME/Let’s Encrypt integration tests Thx @gwallet for the help.
2016-12-12 18:30:31 +01:00
}
Copy Permalink