package api

import (
	"testing"
	"time"

	"github.com/stretchr/testify/require"

	"github.com/hashicorp/consul/sdk/testutil"
	"github.com/hashicorp/consul/sdk/testutil/retry"
)

// TestAPI_ConnectCARoots_empty starts a test server whose Connect
// configuration has been removed and checks that listing the CA roots is
// rejected with an error mentioning that Connect must be enabled.
func TestAPI_ConnectCARoots_empty(t *testing.T) {
	t.Parallel()

	assert := require.New(t)
	client, server := makeClientWithConfig(t, nil, func(cfg *testutil.TestServerConfig) {
		// Leaving Connect unset means the server never bootstraps a CA.
		cfg.Connect = nil
	})
	defer server.Stop()

	server.WaitForSerfCheck(t)

	_, _, err := client.Connect().CARoots(nil)

	// The request must fail closed instead of returning an empty root list.
	assert.Error(err)
	assert.Contains(err.Error(), "Connect must be enabled")
}

// TestAPI_ConnectCARoots_list checks that a default test server reports
// exactly one CA root, a non-zero index, and the fixed test trust domain.
func TestAPI_ConnectCARoots_list(t *testing.T) {
	t.Parallel()

	// connect.TestClusterID would cause an import cycle, so the expected
	// trust domain is hard-coded here.
	const wantTrustDomain = "11111111-2222-3333-4444-555555555555.consul"

	client, server := makeClient(t)
	defer server.Stop()

	// The server may not have finished bootstrapping its CA on the first
	// attempt, so the whole check runs under retry.
	retry.Run(t, func(r *retry.R) {
		roots, qm, err := client.Connect().CARoots(nil)
		r.Check(err)

		if qm.LastIndex == 0 {
			r.Fatalf("expected roots raft index to be > 0")
		}

		rootCount := len(roots.Roots)
		if rootCount != 1 {
			r.Fatalf("expected 1 root, got %d", rootCount)
		}

		if roots.TrustDomain != wantTrustDomain {
			r.Fatalf("expected fixed trust domain got '%s'", roots.TrustDomain)
		}
	})
}

// TestAPI_ConnectCAConfig_get_set reads the default CA configuration, writes
// back a modified copy, and checks that both the changed TTL and the extra
// provider state can be read again.
func TestAPI_ConnectCAConfig_get_set(t *testing.T) {
	t.Parallel()

	const day = 24 * time.Hour

	client, server := makeClient(t)
	defer server.Stop()

	server.WaitForSerfCheck(t)

	want := new(ConsulCAProviderConfig)
	want.IntermediateCertTTL = 365 * day
	want.LeafCertTTL = 72 * time.Hour

	// The server may not have finished bootstrapping its CA on the first
	// attempt, so the whole check runs under retry.
	//
	// NOTE(review): the closure is not idempotent. It changes the server's CA
	// config and mutates want, so a retry after a partial pass starts from
	// different state than the first attempt did.
	retry.Run(t, func(r *retry.R) {
		ca := client.Connect()

		initial, _, err := ca.CAGetConfig(nil)
		r.Check(err)
		if initial.Provider != "consul" {
			r.Fatalf("expected default provider, got %q", initial.Provider)
		}
		initialParsed, err := ParseConsulCAConfig(initial.Config)
		r.Check(err)
		require.Equal(r, want, initialParsed)

		// Change a config value and send the update.
		// NOTE(review): PrivateKey is blanked before the config is written
		// back; the reason is not visible in this file, confirm.
		initial.Config["PrivateKey"] = ""
		initial.Config["IntermediateCertTTL"] = 300 * day

		// Pass some state through as if the provider had stored it, so the
		// read-back below can confirm it survives the round trip.
		initial.Config["test_state"] = map[string]string{"foo": "bar"}

		_, err = ca.CASetConfig(initial, nil)
		r.Check(err)

		updated, _, err := ca.CAGetConfig(nil)
		r.Check(err)

		want.IntermediateCertTTL = 300 * day
		updatedParsed, err := ParseConsulCAConfig(updated.Config)
		r.Check(err)
		require.Equal(r, want, updatedParsed)
		require.Equal(r, "bar", updated.State["foo"])
	})
}