Dark-Alex-17/kapow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Control API uses automatic cross-pinning mTLS (Closes #119)

Browse Source 
. kapow server generates on startup a pair of certificates
that will use to secure communications to its control server.
It will communicate the server and client certificates as well
as the client private key to the init programs it launches,
via environment variables.

. kapow server now understands a new flag --control-reachable-addr
which accepts either a IP address or a DNS name, that can be used
to ensure that the generated server certificate will be appropiate
in case the control server must be accessed from something other
than localhost.

Co-authored-by: Roberto Abdelkader Martínez Pérez <robertomartinezp@gmail.com>
This commit is contained in:
pancho horrillo
2021-03-12 17:11:12 +01:00
parent ab50721f69
commit 1e63f3c104
18 changed files with 325 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/server/control/control_test.go
-50
View File
@@ -58,56 +58,6 @@ func checkErrorResponse(r *http.Response, expectedErrcode int, expectedReason st
return errList
}
func TestConfigRouterHasRoutesWellConfigured(t *testing.T) {
testCases := []struct {
pattern, method string
handler uintptr
mustMatch bool
vars []string
}{
{"/routes/FOO", http.MethodGet, reflect.ValueOf(getRoute).Pointer(), true, []string{"id"}},
{"/routes/FOO", http.MethodPut, reflect.ValueOf(defMethodNotAllowedHandler).Pointer(), true, []string{}},
{"/routes/FOO", http.MethodPost, reflect.ValueOf(defMethodNotAllowedHandler).Pointer(), true, []string{}},
{"/routes/FOO", http.MethodDelete, reflect.ValueOf(removeRoute).Pointer(), true, []string{"id"}},
{"/routes", http.MethodGet, reflect.ValueOf(listRoutes).Pointer(), true, []string{}},
{"/routes", http.MethodPut, reflect.ValueOf(defMethodNotAllowedHandler).Pointer(), true, []string{}},
{"/routes", http.MethodPost, reflect.ValueOf(addRoute).Pointer(), true, []string{}},
{"/routes", http.MethodDelete, reflect.ValueOf(defMethodNotAllowedHandler).Pointer(), true, []string{}},
{"/", http.MethodGet, reflect.ValueOf(defNotFoundHandler).Pointer(), true, []string{}},
{"/", http.MethodPut, reflect.ValueOf(defNotFoundHandler).Pointer(), true, []string{}},
{"/", http.MethodPost, reflect.ValueOf(defNotFoundHandler).Pointer(), true, []string{}},
{"/", http.MethodDelete, reflect.ValueOf(defNotFoundHandler).Pointer(), true, []string{}},
{"/FOO", http.MethodGet, reflect.ValueOf(defNotFoundHandler).Pointer(), true, []string{}},
{"/FOO", http.MethodPut, reflect.ValueOf(defNotFoundHandler).Pointer(), true, []string{}},
{"/FOO", http.MethodPost, reflect.ValueOf(defNotFoundHandler).Pointer(), true, []string{}},
{"/FOO", http.MethodDelete, reflect.ValueOf(defNotFoundHandler).Pointer(), true, []string{}},
}
r := configRouter()
for _, tc := range testCases {
rm := mux.RouteMatch{}
rq, _ := http.NewRequest(tc.method, tc.pattern, nil)
if matched := r.Match(rq, &rm); tc.mustMatch == matched {
if tc.mustMatch {
// Check for Handler match.
realHandler := reflect.ValueOf(rm.Handler).Pointer()
if realHandler != tc.handler {
t.Errorf("Handler mismatch. Expected: %X, got: %X", tc.handler, realHandler)
}
// Check for variables
for _, vn := range tc.vars {
if _, exists := rm.Vars[vn]; !exists {
t.Errorf("Variable not present: %s", vn)
}
}
}
} else {
t.Errorf("Route mismatch: %+v", tc)
}
}
}
func TestPathValidatorNoErrorWhenCorrectPath(t *testing.T) {
err := pathValidator("/routes/{routeID}")