Merge pull request #670 from rqlite/enc_utils

Add utilities for testing encrypted nodes
4 years ago · 284a2ad2fb
parent d9227fd5c5 c9de4c2941
commit 284a2ad2fb
3 changed files with 61 additions and 26 deletions
--- a/system_test/helpers.go
+++ b/system_test/helpers.go
@ -14,16 +14,21 @@ import (
 	httpd "github.com/rqlite/rqlite/http"
 	"github.com/rqlite/rqlite/store"
 	"github.com/rqlite/rqlite/tcp"
+	"github.com/rqlite/rqlite/testdata/x509"
 )

 // Node represents a node under test.
 type Node struct {
-	APIAddr  string
-	RaftAddr string
-	ID       string
-	Dir      string
-	Store    *store.Store
-	Service  *httpd.Service
+	APIAddr      string
+	RaftAddr     string
+	ID           string
+	Dir          string
+	NodeCertPath string
+	NodeKeyPath  string
+	HTTPCertPath string
+	HTTPKeyPath  string
+	Store        *store.Store
+	Service      *httpd.Service
 }

 // SameAs returns true if this node is the same as node o.
@ -311,15 +316,37 @@ func DoJoinRequest(nodeAddr, raftID, raftAddr string, voter bool) (*http.Respons
 }

 func mustNewNode(enableSingle bool) *Node {
+	return mustNewNodeEncrypted(enableSingle, false, false)
+}
+
+func mustNewNodeEncrypted(enableSingle, httpEncrypt, nodeEncrypt bool) *Node {
+	dir := mustTempDir()
+	nodeCertPath := x509.CertFile(dir)
+	nodeKeyPath := x509.KeyFile(dir)
+	httpCertPath := nodeCertPath
+	httpKeyPath := nodeKeyPath
+
 	node := &Node{
-		Dir: mustTempDir(),
+		Dir:          dir,
+		NodeCertPath: nodeCertPath,
+		NodeKeyPath:  nodeKeyPath,
+		HTTPCertPath: httpCertPath,
+		HTTPKeyPath:  httpKeyPath,
 	}

 	dbConf := store.NewDBConfig("", false)
-	tn := tcp.NewTransport()
+
+	var tn *tcp.Transport
+	if nodeEncrypt {
+		tn = tcp.NewTLSTransport(node.NodeCertPath, node.NodeCertPath, true)
+	} else {
+		tn = tcp.NewTransport()
+	}
+
 	if err := tn.Open("localhost:0"); err != nil {
 		panic(err.Error())
 	}
+
 	node.Store = store.New(tn, &store.StoreConfig{
 		DBConf: dbConf,
 		Dir:    node.Dir,
@ -337,6 +364,11 @@ func mustNewNode(enableSingle bool) *Node {

 	node.Service = httpd.New("localhost:0", node.Store, nil)
 	node.Service.Expvar = true
+	if httpEncrypt {
+		node.Service.CertFile = node.HTTPCertPath
+		node.Service.KeyFile = node.HTTPKeyPath
+	}
+
 	if err := node.Service.Start(); err != nil {
 		node.Deprovision()
 		panic(fmt.Sprintf("failed to start HTTP server: %s", err.Error()))
--- a/tcp/transport_test.go
+++ b/tcp/transport_test.go
@ -41,9 +41,9 @@ func Test_TransportDial(t *testing.T) {
 }

 func Test_NewTLSTransport(t *testing.T) {
-	c := x509.CertFile()
+	c := x509.CertFile("")
 	defer os.Remove(c)
-	k := x509.KeyFile()
+	k := x509.KeyFile("")
 	defer os.Remove(k)

 	if NewTLSTransport(c, k, true) == nil {
@ -52,9 +52,9 @@ func Test_NewTLSTransport(t *testing.T) {
 }

 func Test_TLSTransportOpenClose(t *testing.T) {
-	c := x509.CertFile()
+	c := x509.CertFile("")
 	defer os.Remove(c)
-	k := x509.KeyFile()
+	k := x509.KeyFile("")
 	defer os.Remove(k)

 	tn := NewTLSTransport(c, k, true)
--- a/testdata/x509/resources.go
+++ b/testdata/x509/resources.go
@ -4,32 +4,35 @@ import (
 	"io/ioutil"
 )

-// CertFile returns the path to a temporary file containing a cert.
-// It is up to the caller to remove the file when finished.
-func CertFile() string {
-	return mustWriteToFile(cert)
+// CertFile returns the path to a temporary file, in directory dir, containing a cert.
+// It is up to the caller to remove the file when finished. If dir is the empty string
+// then the default directory for temporary files is used.
+func CertFile(dir string) string {
+	return mustWriteToFile(dir, cert)
 }

-// KeyFile returns the path to a temporary file containing a key.
-// It is up to the caller to remove the file when finished.
-func KeyFile() string {
-	return mustWriteToFile(key)
+// KeyFile returns the path to a temporary file, in directory dir, containing a key.
+// It is up to the caller to remove the file when finished.If dir is the empty string
+// then the default directory for temporary files is used.
+func KeyFile(dir string) string {
+	return mustWriteToFile(dir, key)
 }

-func mustWriteToFile(content string) string {
+func mustWriteToFile(dir, content string) string {
 	b := []byte(content)

-	path := mustTempFile()
+	path := mustTempFile(dir)
 	if err := ioutil.WriteFile(path, b, 0600); err != nil {
 		panic(err.Error())
 	}
 	return path
 }

-// mustTempFile returns a path to a temporary file. It is up to the
-// caller to remove the file once it is no longer needed.
-func mustTempFile() string {
-	tmpfile, err := ioutil.TempFile("", "rqlite-tls-test")
+// mustTempFile returns a path to a temporary file in directory dir. It is up to the
+// caller to remove the file once it is no longer needed. If dir is the empty
+// string, then the default directory for temporary files is used.
+func mustTempFile(dir string) string {
+	tmpfile, err := ioutil.TempFile(dir, "rqlite-tls-test")
 	if err != nil {
 		panic(err.Error())
 	}