Update to go1.13rc1
This commit is contained in:
parent
e1831c4c60
commit
89150e1164
12 changed files with 128 additions and 61 deletions
|
@ -37,6 +37,7 @@
|
||||||
"gochecknoinits",
|
"gochecknoinits",
|
||||||
"gochecknoglobals",
|
"gochecknoglobals",
|
||||||
"bodyclose", # Too many false-positive and panics.
|
"bodyclose", # Too many false-positive and panics.
|
||||||
|
"typecheck", # v1.17.1 and Go1.13 => bug
|
||||||
]
|
]
|
||||||
|
|
||||||
[issues]
|
[issues]
|
||||||
|
|
|
@ -2,19 +2,19 @@
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
curl -O https://dl.google.com/go/go1.12.linux-amd64.tar.gz
|
curl -O https://dl.google.com/go/go"${GO_VERSION}".linux-amd64.tar.gz
|
||||||
|
|
||||||
tar -xvf go1.12.linux-amd64.tar.gz
|
tar -xvf go"${GO_VERSION}".linux-amd64.tar.gz
|
||||||
rm -rf go1.12.linux-amd64.tar.gz
|
rm -rf go"${GO_VERSION}".linux-amd64.tar.gz
|
||||||
|
|
||||||
sudo mkdir -p /usr/local/golang/1.12/go
|
sudo mkdir -p /usr/local/golang/"${GO_VERSION}"/go
|
||||||
sudo mv go /usr/local/golang/1.12/
|
sudo mv go /usr/local/golang/"${GO_VERSION}"/
|
||||||
|
|
||||||
sudo rm /usr/local/bin/go
|
sudo rm /usr/local/bin/go
|
||||||
sudo chmod +x /usr/local/golang/1.12/go/bin/go
|
sudo chmod +x /usr/local/golang/"${GO_VERSION}"/go/bin/go
|
||||||
sudo ln -s /usr/local/golang/1.12/go/bin/go /usr/local/bin/go
|
sudo ln -s /usr/local/golang/"${GO_VERSION}"/go/bin/go /usr/local/bin/go
|
||||||
|
|
||||||
export GOROOT="/usr/local/golang/1.12/go"
|
export GOROOT="/usr/local/golang/${GO_VERSION}/go"
|
||||||
export GOTOOLDIR="/usr/local/golang/1.12/go/pkg/tool/linux_amd64"
|
export GOTOOLDIR="/usr/local/golang/${GO_VERSION}/go/pkg/tool/linux_amd64"
|
||||||
|
|
||||||
go version
|
go version
|
||||||
|
|
|
@ -7,6 +7,7 @@ sudo dd if=/dev/zero of=/swapfile bs=1M count=3072
|
||||||
sudo mkswap /swapfile
|
sudo mkswap /swapfile
|
||||||
sudo swapon /swapfile
|
sudo swapon /swapfile
|
||||||
sudo rm -rf /home/runner/.rbenv
|
sudo rm -rf /home/runner/.rbenv
|
||||||
|
sudo rm -rf /usr/local/golang/{1.4.3,1.5.4,1.6.4,1.7.6,1.8.6,1.9.7,1.10.3,1.11}
|
||||||
#export DOCKER_VERSION=18.06.3
|
#export DOCKER_VERSION=18.06.3
|
||||||
source .semaphoreci/vars
|
source .semaphoreci/vars
|
||||||
if [ -z "${PULL_REQUEST_NUMBER}" ]; then SHOULD_TEST="-*-"; else TEMP_STORAGE=$(curl --silent https://patch-diff.githubusercontent.com/raw/containous/traefik/pull/${PULL_REQUEST_NUMBER}.diff | patch --dry-run -p1 -R || true); fi
|
if [ -z "${PULL_REQUEST_NUMBER}" ]; then SHOULD_TEST="-*-"; else TEMP_STORAGE=$(curl --silent https://patch-diff.githubusercontent.com/raw/containous/traefik/pull/${PULL_REQUEST_NUMBER}.diff | patch --dry-run -p1 -R || true); fi
|
||||||
|
@ -17,11 +18,21 @@ echo ${SHOULD_TEST}
|
||||||
#if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq update; fi
|
#if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq update; fi
|
||||||
#if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install docker-ce=${DOCKER_VERSION}*; fi
|
#if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install docker-ce=${DOCKER_VERSION}*; fi
|
||||||
if [ -n "$SHOULD_TEST" ]; then docker version; fi
|
if [ -n "$SHOULD_TEST" ]; then docker version; fi
|
||||||
|
|
||||||
|
export GO_VERSION=1.12
|
||||||
|
if [ -f "./go.mod" ]; then GO_VERSION="$(grep '^go .*' go.mod | awk '{print $2}')"; export GO_VERSION; fi
|
||||||
|
if [ "${GO_VERSION}" == '1.13' ]; then export GO_VERSION=1.13rc1; fi
|
||||||
|
echo "Selected Go version: ${GO_VERSION}"
|
||||||
|
|
||||||
if [ -f "./.semaphoreci/golang.sh" ]; then ./.semaphoreci/golang.sh; fi
|
if [ -f "./.semaphoreci/golang.sh" ]; then ./.semaphoreci/golang.sh; fi
|
||||||
if [ -f "./.semaphoreci/golang.sh" ]; then export GOROOT="/usr/local/golang/1.12/go"; fi
|
if [ -f "./.semaphoreci/golang.sh" ]; then export GOROOT="/usr/local/golang/${GO_VERSION}/go"; fi
|
||||||
if [ -f "./.semaphoreci/golang.sh" ]; then export GOTOOLDIR="/usr/local/golang/1.12/go/pkg/tool/linux_amd64"; fi
|
if [ -f "./.semaphoreci/golang.sh" ]; then export GOTOOLDIR="/usr/local/golang/${GO_VERSION}/go/pkg/tool/linux_amd64"; fi
|
||||||
|
go version
|
||||||
|
|
||||||
if [ -f "./go.mod" ]; then export GO111MODULE=on; fi
|
if [ -f "./go.mod" ]; then export GO111MODULE=on; fi
|
||||||
if [ -f "./go.mod" ]; then export GOPROXY=https://proxy.golang.org; fi
|
if [ -f "./go.mod" ]; then export GOPROXY=https://proxy.golang.org; fi
|
||||||
if [ -f "./go.mod" ]; then go mod download; fi
|
if [ -f "./go.mod" ]; then go mod download; fi
|
||||||
sudo rm -rf /usr/local/golang/1.4.3/ /usr/local/golang/1.5.4/ /usr/local/golang/1.6.4 /usr/local/golang/1.7.6 /usr/local/golang/1.8.6 /usr/local/golang/1.9.7 /usr/local/golang/1.10.3
|
|
||||||
df
|
df
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
FROM golang:1.12-alpine
|
FROM golang:1.13rc1-alpine
|
||||||
|
|
||||||
RUN apk --update upgrade \
|
RUN apk --update upgrade \
|
||||||
&& apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
|
&& apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
|
||||||
|
|
|
@ -33,14 +33,6 @@ import (
|
||||||
"github.com/vulcand/oxy/roundrobin"
|
"github.com/vulcand/oxy/roundrobin"
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
|
||||||
goDebug := os.Getenv("GODEBUG")
|
|
||||||
if len(goDebug) > 0 {
|
|
||||||
goDebug += ","
|
|
||||||
}
|
|
||||||
os.Setenv("GODEBUG", goDebug+"tls13=1")
|
|
||||||
}
|
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
// traefik config inits
|
// traefik config inits
|
||||||
tConfig := cmd.NewTraefikConfiguration()
|
tConfig := cmd.NewTraefikConfiguration()
|
||||||
|
|
|
@ -28,7 +28,7 @@ Successfully tagged traefik-webui:latest
|
||||||
[...]
|
[...]
|
||||||
docker build -t "traefik-dev:4475--feature-documentation" -f build.Dockerfile .
|
docker build -t "traefik-dev:4475--feature-documentation" -f build.Dockerfile .
|
||||||
Sending build context to Docker daemon 279MB
|
Sending build context to Docker daemon 279MB
|
||||||
Step 1/10 : FROM golang:1.12-alpine
|
Step 1/10 : FROM golang:1.13rc1-alpine
|
||||||
---> f4bfb3d22bda
|
---> f4bfb3d22bda
|
||||||
[...]
|
[...]
|
||||||
Successfully built 5c3c1a911277
|
Successfully built 5c3c1a911277
|
||||||
|
@ -60,7 +60,7 @@ PRE_TARGET= make test-unit
|
||||||
|
|
||||||
Requirements:
|
Requirements:
|
||||||
|
|
||||||
- `go` v1.12+
|
- `go` v1.13+
|
||||||
- environment variable `GO111MODULE=on`
|
- environment variable `GO111MODULE=on`
|
||||||
|
|
||||||
!!! tip "Source Directory"
|
!!! tip "Source Directory"
|
||||||
|
|
|
@ -12,7 +12,7 @@ RUN yarn install
|
||||||
RUN npm run build
|
RUN npm run build
|
||||||
|
|
||||||
# BUILD
|
# BUILD
|
||||||
FROM golang:1.12-alpine as gobuild
|
FROM golang:1.13rc1-alpine as gobuild
|
||||||
|
|
||||||
RUN apk --update upgrade \
|
RUN apk --update upgrade \
|
||||||
&& apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
|
&& apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
|
||||||
|
|
2
go.mod
2
go.mod
|
@ -1,6 +1,6 @@
|
||||||
module github.com/containous/traefik/v2
|
module github.com/containous/traefik/v2
|
||||||
|
|
||||||
go 1.12
|
go 1.13
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect
|
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect
|
||||||
|
|
|
@ -31,12 +31,12 @@
|
||||||
[http.services.service1]
|
[http.services.service1]
|
||||||
[http.services.service1.loadBalancer]
|
[http.services.service1.loadBalancer]
|
||||||
[[http.services.service1.loadBalancer.servers]]
|
[[http.services.service1.loadBalancer.servers]]
|
||||||
url = "http://127.0.0.1:9010"
|
url = "{{ .Server1 }}"
|
||||||
|
|
||||||
[http.services.service2]
|
[http.services.service2]
|
||||||
[http.services.service2.loadBalancer]
|
[http.services.service2.loadBalancer]
|
||||||
[[http.services.service2.loadBalancer.servers]]
|
[[http.services.service2.loadBalancer.servers]]
|
||||||
url = "http://127.0.0.1:9020"
|
url = "{{ .Server2 }}"
|
||||||
|
|
||||||
[[tls.certificates]]
|
[[tls.certificates]]
|
||||||
certFile = "fixtures/https/snitest.com.cert"
|
certFile = "fixtures/https/snitest.com.cert"
|
||||||
|
|
|
@ -30,12 +30,12 @@
|
||||||
[http.services.service1]
|
[http.services.service1]
|
||||||
[http.services.service1.loadBalancer]
|
[http.services.service1.loadBalancer]
|
||||||
[[http.services.service1.loadBalancer.servers]]
|
[[http.services.service1.loadBalancer.servers]]
|
||||||
url = "http://127.0.0.1:9010"
|
url = "{{ .Server1 }}"
|
||||||
|
|
||||||
[http.services.service2]
|
[http.services.service2]
|
||||||
[http.services.service2.loadBalancer]
|
[http.services.service2.loadBalancer]
|
||||||
[[http.services.service2.loadBalancer.servers]]
|
[[http.services.service2.loadBalancer.servers]]
|
||||||
url = "http://127.0.0.1:9020"
|
url = "{{ .Server2 }}"
|
||||||
|
|
||||||
[[tls.certificates]]
|
[[tls.certificates]]
|
||||||
certFile = "fixtures/https/snitest.com.cert"
|
certFile = "fixtures/https/snitest.com.cert"
|
||||||
|
|
|
@ -501,7 +501,21 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthentication(c *check.C) {
|
||||||
// TestWithClientCertificateAuthentication
|
// TestWithClientCertificateAuthentication
|
||||||
// Use two CA:s and test that clients with client signed by either of them can connect
|
// Use two CA:s and test that clients with client signed by either of them can connect
|
||||||
func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipleCAs(c *check.C) {
|
func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipleCAs(c *check.C) {
|
||||||
file := s.adaptFile(c, "fixtures/https/clientca/https_2ca1config.toml", struct{}{})
|
server1 := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) { rw.Write([]byte("server1")) }))
|
||||||
|
server2 := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) { rw.Write([]byte("server2")) }))
|
||||||
|
defer func() {
|
||||||
|
server1.Close()
|
||||||
|
server2.Close()
|
||||||
|
}()
|
||||||
|
|
||||||
|
file := s.adaptFile(c, "fixtures/https/clientca/https_2ca1config.toml", struct {
|
||||||
|
Server1 string
|
||||||
|
Server2 string
|
||||||
|
}{
|
||||||
|
Server1: server1.URL,
|
||||||
|
Server2: server2.URL,
|
||||||
|
})
|
||||||
|
|
||||||
defer os.Remove(file)
|
defer os.Remove(file)
|
||||||
cmd, display := s.traefikCmd(withConfigFile(file))
|
cmd, display := s.traefikCmd(withConfigFile(file))
|
||||||
defer display(c)
|
defer display(c)
|
||||||
|
@ -513,24 +527,32 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipleCAs(c *check
|
||||||
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("Host(`snitest.org`)"))
|
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("Host(`snitest.org`)"))
|
||||||
c.Assert(err, checker.IsNil)
|
c.Assert(err, checker.IsNil)
|
||||||
|
|
||||||
|
req, err := http.NewRequest(http.MethodGet, "https://127.0.0.1:4443", nil)
|
||||||
|
c.Assert(err, checker.IsNil)
|
||||||
|
req.Host = "snitest.com"
|
||||||
|
|
||||||
tlsConfig := &tls.Config{
|
tlsConfig := &tls.Config{
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
ServerName: "snitest.com",
|
ServerName: "snitest.com",
|
||||||
Certificates: []tls.Certificate{},
|
Certificates: []tls.Certificate{},
|
||||||
}
|
}
|
||||||
// Connection without client certificate should fail
|
|
||||||
_, err = tls.Dial("tcp", "127.0.0.1:4443", tlsConfig)
|
|
||||||
c.Assert(err, checker.NotNil, check.Commentf("should not be allowed to connect to server"))
|
|
||||||
|
|
||||||
// Connect with client signed by ca1
|
client := http.Client{
|
||||||
|
Transport: &http.Transport{TLSClientConfig: tlsConfig},
|
||||||
|
Timeout: 1 * time.Second,
|
||||||
|
}
|
||||||
|
|
||||||
|
// Connection without client certificate should fail
|
||||||
|
_, err = client.Do(req)
|
||||||
|
c.Assert(err, checker.NotNil)
|
||||||
|
|
||||||
cert, err := tls.LoadX509KeyPair("fixtures/https/clientca/client1.crt", "fixtures/https/clientca/client1.key")
|
cert, err := tls.LoadX509KeyPair("fixtures/https/clientca/client1.crt", "fixtures/https/clientca/client1.key")
|
||||||
c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key"))
|
c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key"))
|
||||||
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
|
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
|
||||||
|
|
||||||
conn, err := tls.Dial("tcp", "127.0.0.1:4443", tlsConfig)
|
// Connect with client signed by ca1
|
||||||
c.Assert(err, checker.IsNil, check.Commentf("failed to connect to server"))
|
_, err = client.Do(req)
|
||||||
|
c.Assert(err, checker.IsNil)
|
||||||
conn.Close()
|
|
||||||
|
|
||||||
// Connect with client signed by ca2
|
// Connect with client signed by ca2
|
||||||
tlsConfig = &tls.Config{
|
tlsConfig = &tls.Config{
|
||||||
|
@ -538,14 +560,19 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipleCAs(c *check
|
||||||
ServerName: "snitest.com",
|
ServerName: "snitest.com",
|
||||||
Certificates: []tls.Certificate{},
|
Certificates: []tls.Certificate{},
|
||||||
}
|
}
|
||||||
|
|
||||||
cert, err = tls.LoadX509KeyPair("fixtures/https/clientca/client2.crt", "fixtures/https/clientca/client2.key")
|
cert, err = tls.LoadX509KeyPair("fixtures/https/clientca/client2.crt", "fixtures/https/clientca/client2.key")
|
||||||
c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key"))
|
c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key"))
|
||||||
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
|
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
|
||||||
|
|
||||||
conn, err = tls.Dial("tcp", "127.0.0.1:4443", tlsConfig)
|
client = http.Client{
|
||||||
c.Assert(err, checker.IsNil, check.Commentf("failed to connect to server"))
|
Transport: &http.Transport{TLSClientConfig: tlsConfig},
|
||||||
|
Timeout: 1 * time.Second,
|
||||||
|
}
|
||||||
|
|
||||||
conn.Close()
|
// Connect with client signed by ca1
|
||||||
|
_, err = client.Do(req)
|
||||||
|
c.Assert(err, checker.IsNil)
|
||||||
|
|
||||||
// Connect with client signed by ca3 should fail
|
// Connect with client signed by ca3 should fail
|
||||||
tlsConfig = &tls.Config{
|
tlsConfig = &tls.Config{
|
||||||
|
@ -553,18 +580,38 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipleCAs(c *check
|
||||||
ServerName: "snitest.com",
|
ServerName: "snitest.com",
|
||||||
Certificates: []tls.Certificate{},
|
Certificates: []tls.Certificate{},
|
||||||
}
|
}
|
||||||
|
|
||||||
cert, err = tls.LoadX509KeyPair("fixtures/https/clientca/client3.crt", "fixtures/https/clientca/client3.key")
|
cert, err = tls.LoadX509KeyPair("fixtures/https/clientca/client3.crt", "fixtures/https/clientca/client3.key")
|
||||||
c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key"))
|
c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key"))
|
||||||
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
|
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
|
||||||
|
|
||||||
_, err = tls.Dial("tcp", "127.0.0.1:4443", tlsConfig)
|
client = http.Client{
|
||||||
c.Assert(err, checker.NotNil, check.Commentf("should not be allowed to connect to server"))
|
Transport: &http.Transport{TLSClientConfig: tlsConfig},
|
||||||
|
Timeout: 1 * time.Second,
|
||||||
|
}
|
||||||
|
|
||||||
|
// Connect with client signed by ca1
|
||||||
|
_, err = client.Do(req)
|
||||||
|
c.Assert(err, checker.NotNil)
|
||||||
}
|
}
|
||||||
|
|
||||||
// TestWithClientCertificateAuthentication
|
// TestWithClientCertificateAuthentication
|
||||||
// Use two CA:s in two different files and test that clients with client signed by either of them can connect
|
// Use two CA:s in two different files and test that clients with client signed by either of them can connect
|
||||||
func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipleCAsMultipleFiles(c *check.C) {
|
func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipleCAsMultipleFiles(c *check.C) {
|
||||||
file := s.adaptFile(c, "fixtures/https/clientca/https_2ca2config.toml", struct{}{})
|
server1 := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) { rw.Write([]byte("server1")) }))
|
||||||
|
server2 := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) { rw.Write([]byte("server2")) }))
|
||||||
|
defer func() {
|
||||||
|
server1.Close()
|
||||||
|
server2.Close()
|
||||||
|
}()
|
||||||
|
|
||||||
|
file := s.adaptFile(c, "fixtures/https/clientca/https_2ca2config.toml", struct {
|
||||||
|
Server1 string
|
||||||
|
Server2 string
|
||||||
|
}{
|
||||||
|
Server1: server1.URL,
|
||||||
|
Server2: server2.URL,
|
||||||
|
})
|
||||||
defer os.Remove(file)
|
defer os.Remove(file)
|
||||||
cmd, display := s.traefikCmd(withConfigFile(file))
|
cmd, display := s.traefikCmd(withConfigFile(file))
|
||||||
defer display(c)
|
defer display(c)
|
||||||
|
@ -576,24 +623,32 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipleCAsMultipleF
|
||||||
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("Host(`snitest.org`)"))
|
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("Host(`snitest.org`)"))
|
||||||
c.Assert(err, checker.IsNil)
|
c.Assert(err, checker.IsNil)
|
||||||
|
|
||||||
|
req, err := http.NewRequest(http.MethodGet, "https://127.0.0.1:4443", nil)
|
||||||
|
c.Assert(err, checker.IsNil)
|
||||||
|
req.Host = "snitest.com"
|
||||||
|
|
||||||
tlsConfig := &tls.Config{
|
tlsConfig := &tls.Config{
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
ServerName: "snitest.com",
|
ServerName: "snitest.com",
|
||||||
Certificates: []tls.Certificate{},
|
Certificates: []tls.Certificate{},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
client := http.Client{
|
||||||
|
Transport: &http.Transport{TLSClientConfig: tlsConfig},
|
||||||
|
Timeout: 1 * time.Second,
|
||||||
|
}
|
||||||
|
|
||||||
// Connection without client certificate should fail
|
// Connection without client certificate should fail
|
||||||
_, err = tls.Dial("tcp", "127.0.0.1:4443", tlsConfig)
|
_, err = client.Do(req)
|
||||||
c.Assert(err, checker.NotNil, check.Commentf("should not be allowed to connect to server"))
|
c.Assert(err, checker.NotNil)
|
||||||
|
|
||||||
// Connect with client signed by ca1
|
// Connect with client signed by ca1
|
||||||
cert, err := tls.LoadX509KeyPair("fixtures/https/clientca/client1.crt", "fixtures/https/clientca/client1.key")
|
cert, err := tls.LoadX509KeyPair("fixtures/https/clientca/client1.crt", "fixtures/https/clientca/client1.key")
|
||||||
c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key"))
|
c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key"))
|
||||||
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
|
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
|
||||||
|
|
||||||
conn, err := tls.Dial("tcp", "127.0.0.1:4443", tlsConfig)
|
_, err = client.Do(req)
|
||||||
c.Assert(err, checker.IsNil, check.Commentf("failed to connect to server"))
|
c.Assert(err, checker.IsNil)
|
||||||
|
|
||||||
conn.Close()
|
|
||||||
|
|
||||||
// Connect with client signed by ca2
|
// Connect with client signed by ca2
|
||||||
tlsConfig = &tls.Config{
|
tlsConfig = &tls.Config{
|
||||||
|
@ -601,13 +656,18 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipleCAsMultipleF
|
||||||
ServerName: "snitest.com",
|
ServerName: "snitest.com",
|
||||||
Certificates: []tls.Certificate{},
|
Certificates: []tls.Certificate{},
|
||||||
}
|
}
|
||||||
|
|
||||||
cert, err = tls.LoadX509KeyPair("fixtures/https/clientca/client2.crt", "fixtures/https/clientca/client2.key")
|
cert, err = tls.LoadX509KeyPair("fixtures/https/clientca/client2.crt", "fixtures/https/clientca/client2.key")
|
||||||
c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key"))
|
c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key"))
|
||||||
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
|
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
|
||||||
|
|
||||||
conn, err = tls.Dial("tcp", "127.0.0.1:4443", tlsConfig)
|
client = http.Client{
|
||||||
c.Assert(err, checker.IsNil, check.Commentf("failed to connect to server"))
|
Transport: &http.Transport{TLSClientConfig: tlsConfig},
|
||||||
conn.Close()
|
Timeout: 1 * time.Second,
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = client.Do(req)
|
||||||
|
c.Assert(err, checker.IsNil)
|
||||||
|
|
||||||
// Connect with client signed by ca3 should fail
|
// Connect with client signed by ca3 should fail
|
||||||
tlsConfig = &tls.Config{
|
tlsConfig = &tls.Config{
|
||||||
|
@ -615,12 +675,18 @@ func (s *HTTPSSuite) TestWithClientCertificateAuthenticationMultipleCAsMultipleF
|
||||||
ServerName: "snitest.com",
|
ServerName: "snitest.com",
|
||||||
Certificates: []tls.Certificate{},
|
Certificates: []tls.Certificate{},
|
||||||
}
|
}
|
||||||
|
|
||||||
cert, err = tls.LoadX509KeyPair("fixtures/https/clientca/client3.crt", "fixtures/https/clientca/client3.key")
|
cert, err = tls.LoadX509KeyPair("fixtures/https/clientca/client3.crt", "fixtures/https/clientca/client3.key")
|
||||||
c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key"))
|
c.Assert(err, checker.IsNil, check.Commentf("unable to load client certificate and key"))
|
||||||
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
|
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
|
||||||
|
|
||||||
_, err = tls.Dial("tcp", "127.0.0.1:4443", tlsConfig)
|
client = http.Client{
|
||||||
c.Assert(err, checker.NotNil, check.Commentf("should not be allowed to connect to server"))
|
Transport: &http.Transport{TLSClientConfig: tlsConfig},
|
||||||
|
Timeout: 1 * time.Second,
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = client.Do(req)
|
||||||
|
c.Assert(err, checker.NotNil)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *HTTPSSuite) TestWithRootCAsContentForHTTPSOnBackend(c *check.C) {
|
func (s *HTTPSSuite) TestWithRootCAsContentForHTTPSOnBackend(c *check.C) {
|
||||||
|
|
|
@ -27,11 +27,6 @@ var host = flag.Bool("host", false, "run host integration tests")
|
||||||
var showLog = flag.Bool("tlog", false, "always show Traefik logs")
|
var showLog = flag.Bool("tlog", false, "always show Traefik logs")
|
||||||
|
|
||||||
func Test(t *testing.T) {
|
func Test(t *testing.T) {
|
||||||
check.TestingT(t)
|
|
||||||
}
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
flag.Parse()
|
|
||||||
if !*integration {
|
if !*integration {
|
||||||
log.Info("Integration tests disabled.")
|
log.Info("Integration tests disabled.")
|
||||||
return
|
return
|
||||||
|
@ -69,6 +64,8 @@ func init() {
|
||||||
check.Suite(&ProxyProtocolSuite{})
|
check.Suite(&ProxyProtocolSuite{})
|
||||||
check.Suite(&TCPSuite{})
|
check.Suite(&TCPSuite{})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
check.TestingT(t)
|
||||||
}
|
}
|
||||||
|
|
||||||
var traefikBinary = "../dist/traefik"
|
var traefikBinary = "../dist/traefik"
|
||||||
|
|
Loading…
Reference in a new issue