author | 2016-08-19 17:14:17 -0700 | |
---|---|---|
committer | 2016-08-19 17:14:17 -0700 | |
commit | 9ac3cab1b7b1b1e78f86ce3c6a80fbee312162e6 (patch) | |
tree | 437e9755927c33af16276ad2602a6da115f948cb /core/https/setup_test.go | |
parent | a1989c35231b0e5ea271b2f68d82c1a63e697cd0 (diff) | |
Make CoreDNS a server type plugin for Caddy (#220)
* Make CoreDNS a server type plugin for Caddy
Remove code we don't need and port all middleware over. Fix all tests
and rework the documentation.
Also make `go generate` build a caddy binary which we then copy into
our directory. This means `go build`-builds remain working as-is.
Add new etcd instances in each etcd test for better isolation.
Fix more tests and rework test.Server with the newer support Caddy offers.
Fix Makefile to support new mode of operation.
Diffstat (limited to 'core/https/setup_test.go')
-rw-r--r-- | core/https/setup_test.go | 226 |
1 files changed, 0 insertions, 226 deletions
diff --git a/core/https/setup_test.go b/core/https/setup_test.go
deleted file mode 100644
index 7640eb524..000000000
--- a/core/https/setup_test.go
+++ /dev/null
@@ -1,226 +0,0 @@
-package https
-
-// TODO(miek): all fail
-
-/*
-func TestMain(m *testing.M) {
- // Write test certificates to disk before tests, and clean up
- // when we're done.
- err := ioutil.WriteFile(certFile, testCert, 0644)
- if err != nil {
- log.Fatal(err)
- }
- err = ioutil.WriteFile(keyFile, testKey, 0644)
- if err != nil {
- os.Remove(certFile)
- log.Fatal(err)
- }
-
- result := m.Run()
-
- os.Remove(certFile)
- os.Remove(keyFile)
- os.Exit(result)
-}
-
-func TestSetupParseBasic(t *testing.T) {
- c := setup.NewTestController(`tls ` + certFile + ` ` + keyFile + ``)
-
- _, err := Setup(c)
- if err != nil {
- t.Errorf("Expected no errors, got: %v", err)
- }
-
- // Basic checks
- if !c.TLS.Manual {
- t.Error("Expected TLS Manual=true, but was false")
- }
- if !c.TLS.Enabled {
- t.Error("Expected TLS Enabled=true, but was false")
- }
-
- // Security defaults
- if c.TLS.ProtocolMinVersion != tls.VersionTLS10 {
- t.Errorf("Expected 'tls1.0 (0x0301)' as ProtocolMinVersion, got %#v", c.TLS.ProtocolMinVersion)
- }
- if c.TLS.ProtocolMaxVersion != tls.VersionTLS12 {
- t.Errorf("Expected 'tls1.2 (0x0303)' as ProtocolMaxVersion, got %v", c.TLS.ProtocolMaxVersion)
- }
-
- // Cipher checks
- expectedCiphers := []uint16{
- tls.TLS_FALLBACK_SCSV,
- tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- tls.TLS_RSA_WITH_AES_256_CBC_SHA,
- tls.TLS_RSA_WITH_AES_128_CBC_SHA,
- }
-
- // Ensure count is correct (plus one for TLS_FALLBACK_SCSV)
- if len(c.TLS.Ciphers) != len(expectedCiphers) {
- t.Errorf("Expected %v Ciphers (including TLS_FALLBACK_SCSV), got %v",
- len(expectedCiphers), len(c.TLS.Ciphers))
- }
-
- // Ensure ordering is correct
- for i, actual := range c.TLS.Ciphers {
- if actual != expectedCiphers[i] {
- t.Errorf("Expected cipher in position %d to be %0x, got %0x", i, expectedCiphers[i], actual)
- }
- }
-
- if !c.TLS.PreferServerCipherSuites {
- t.Error("Expected PreferServerCipherSuites = true, but was false")
- }
-}
-
-func TestSetupParseIncompleteParams(t *testing.T) {
- // Using tls without args is an error because it's unnecessary.
- c := setup.NewTestController(`tls`)
- _, err := Setup(c)
- if err == nil {
- t.Error("Expected an error, but didn't get one")
- }
-}
-
-func TestSetupParseWithOptionalParams(t *testing.T) {
- params := `tls ` + certFile + ` ` + keyFile + ` {
- protocols ssl3.0 tls1.2
- ciphers RSA-AES256-CBC-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384
- }`
- c := setup.NewTestController(params)
-
- _, err := Setup(c)
- if err != nil {
- t.Errorf("Expected no errors, got: %v", err)
- }
-
- if c.TLS.ProtocolMinVersion != tls.VersionSSL30 {
- t.Errorf("Expected 'ssl3.0 (0x0300)' as ProtocolMinVersion, got %#v", c.TLS.ProtocolMinVersion)
- }
-
- if c.TLS.ProtocolMaxVersion != tls.VersionTLS12 {
- t.Errorf("Expected 'tls1.2 (0x0302)' as ProtocolMaxVersion, got %#v", c.TLS.ProtocolMaxVersion)
- }
-
- if len(c.TLS.Ciphers)-1 != 3 {
- t.Errorf("Expected 3 Ciphers (not including TLS_FALLBACK_SCSV), got %v", len(c.TLS.Ciphers)-1)
- }
-}
-
-func TestSetupDefaultWithOptionalParams(t *testing.T) {
- params := `tls {
- ciphers RSA-3DES-EDE-CBC-SHA
- }`
- c := setup.NewTestController(params)
-
- _, err := Setup(c)
- if err != nil {
- t.Errorf("Expected no errors, got: %v", err)
- }
- if len(c.TLS.Ciphers)-1 != 1 {
- t.Errorf("Expected 1 ciphers (not including TLS_FALLBACK_SCSV), got %v", len(c.TLS.Ciphers)-1)
- }
-}
-
-// TODO: If we allow this... but probably not a good idea.
-// func TestSetupDisableHTTPRedirect(t *testing.T) {
-// c := NewTestController(`tls {
-// allow_http
-// }`)
-// _, err := TLS(c)
-// if err != nil {
-// t.Errorf("Expected no error, but got %v", err)
-// }
-// if !c.TLS.DisableHTTPRedir {
-// t.Error("Expected HTTP redirect to be disabled, but it wasn't")
-// }
-// }
-
-func TestSetupParseWithWrongOptionalParams(t *testing.T) {
- // Test protocols wrong params
- params := `tls ` + certFile + ` ` + keyFile + ` {
- protocols ssl tls
- }`
- c := setup.NewTestController(params)
- _, err := Setup(c)
- if err == nil {
- t.Errorf("Expected errors, but no error returned")
- }
-
- // Test ciphers wrong params
- params = `tls ` + certFile + ` ` + keyFile + ` {
- ciphers not-valid-cipher
- }`
- c = setup.NewTestController(params)
- _, err = Setup(c)
- if err == nil {
- t.Errorf("Expected errors, but no error returned")
- }
-}
-
-func TestSetupParseWithClientAuth(t *testing.T) {
- params := `tls ` + certFile + ` ` + keyFile + ` {
- clients client_ca.crt client2_ca.crt
- }`
- c := setup.NewTestController(params)
- _, err := Setup(c)
- if err != nil {
- t.Errorf("Expected no errors, got: %v", err)
- }
-
- if count := len(c.TLS.ClientCerts); count != 2 {
- t.Fatalf("Expected two client certs, had %d", count)
- }
- if actual := c.TLS.ClientCerts[0]; actual != "client_ca.crt" {
- t.Errorf("Expected first client cert file to be '%s', but was '%s'", "client_ca.crt", actual)
- }
- if actual := c.TLS.ClientCerts[1]; actual != "client2_ca.crt" {
- t.Errorf("Expected second client cert file to be '%s', but was '%s'", "client2_ca.crt", actual)
- }
-
- // Test missing client cert file
- params = `tls ` + certFile + ` ` + keyFile + ` {
- clients
- }`
- c = setup.NewTestController(params)
- _, err = Setup(c)
- if err == nil {
- t.Errorf("Expected an error, but no error returned")
- }
-}
-
-const (
- certFile = "test_cert.pem"
- keyFile = "test_key.pem"
-)
-
-var testCert = []byte(`-----BEGIN CERTIFICATE-----
-MIIBkjCCATmgAwIBAgIJANfFCBcABL6LMAkGByqGSM49BAEwFDESMBAGA1UEAxMJ
-bG9jYWxob3N0MB4XDTE2MDIxMDIyMjAyNFoXDTE4MDIwOTIyMjAyNFowFDESMBAG
-A1UEAxMJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEs22MtnG7
-9K1mvIyjEO9GLx7BFD0tBbGnwQ0VPsuCxC6IeVuXbQDLSiVQvFZ6lUszTlczNxVk
-pEfqrM6xAupB7qN1MHMwHQYDVR0OBBYEFHxYDvAxUwL4XrjPev6qZ/BiLDs5MEQG
-A1UdIwQ9MDuAFHxYDvAxUwL4XrjPev6qZ/BiLDs5oRikFjAUMRIwEAYDVQQDEwls
-b2NhbGhvc3SCCQDXxQgXAAS+izAMBgNVHRMEBTADAQH/MAkGByqGSM49BAEDSAAw
-RQIgRvBqbyJM2JCJqhA1FmcoZjeMocmhxQHTt1c+1N2wFUgCIQDtvrivbBPA688N
-Qh3sMeAKNKPsx5NxYdoWuu9KWcKz9A==
------END CERTIFICATE-----
-`)
-
-var testKey = []byte(`-----BEGIN EC PARAMETERS-----
-BggqhkjOPQMBBw==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIGLtRmwzYVcrH3J0BnzYbGPdWVF10i9p6mxkA4+b2fURoAoGCCqGSM49
-AwEHoUQDQgAEs22MtnG79K1mvIyjEO9GLx7BFD0tBbGnwQ0VPsuCxC6IeVuXbQDL
-SiVQvFZ6lUszTlczNxVkpEfqrM6xAupB7g==
------END EC PRIVATE KEY-----
-`)
-*/ |