prometheus_client_tls_test.go
package prometheus_client_test
import (
"crypto/tls"
"fmt"
"net/http"
"testing"
inttls "github.com/influxdata/telegraf/internal/tls"
"github.com/influxdata/telegraf/plugins/outputs/prometheus_client"
"github.com/influxdata/telegraf/testutil"
"github.com/influxdata/toml"
"github.com/stretchr/testify/require"
)
// Fixtures shared by the tests in this file.
var (
	// pki points the test PKI helper at the repository's testutil/pki directory.
	pki = testutil.NewPKI("../../../testutil/pki")

	// configWithTLS is the TOML for a TLS-enabled listener on an ephemeral
	// loopback port. It sets tls_allowed_cacerts in addition to the server
	// certificate and key, and restricts the listener to a single cipher
	// suite. tls_min_version is filled from pki.TLSMaxVersion(), so the
	// configured minimum equals the helper's maximum; this presumably pins the
	// negotiated version so TestWorksWithTLS can assert it exactly (confirm
	// against testutil).
	configWithTLS = fmt.Sprintf(`
listen = "127.0.0.1:0"
tls_allowed_cacerts = ["%s"]
tls_cert = "%s"
tls_key = "%s"
tls_cipher_suites = ["%s"]
tls_min_version = "%s"
`,
		pki.TLSServerConfig().TLSAllowedCACerts[0],
		pki.TLSServerConfig().TLSCert,
		pki.TLSServerConfig().TLSKey,
		pki.CipherSuite(),
		pki.TLSMaxVersion(),
	)

	// configWithoutTLS is the TOML for a listener with no TLS settings at all.
	configWithoutTLS = `
listen = "127.0.0.1:0"
`
)
// PrometheusClientTestContext bundles the objects a test needs: the plugin
// under test, an accumulator, and an HTTP client configured to match the
// plugin's TLS settings. It is created by buildTestContext.
type PrometheusClientTestContext struct {
	// Output is the plugin instance, populated from the TOML config under test.
	Output *prometheus_client.PrometheusClient
	// Accumulator is a fresh testutil.Accumulator; the tests visible in this
	// file do not read it.
	Accumulator *testutil.Accumulator
	// Client is the HTTP client used to query the plugin's endpoint.
	Client *http.Client
}
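// TestWorksWithoutTLS checks that the output answers a GET with 200 OK when
// it is configured with only a listen address and no TLS settings.
func TestWorksWithoutTLS(t *testing.T) {
	tc := buildTestContext(t, []byte(configWithoutTLS))
	require.NoError(t, tc.Output.Connect())
	defer tc.Output.Close()

	response, err := tc.Client.Get(tc.Output.URL())
	require.NoError(t, err)
	// Release the connection; deferred calls run LIFO, so the body is closed
	// before the output itself is shut down.
	defer response.Body.Close()

	// require.Equal takes (expected, actual); keeping that order makes the
	// failure message read correctly.
	require.Equal(t, http.StatusOK, response.StatusCode)
}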
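// TestWorksWithTLS checks two properties of the TLS-enabled listener:
//
//  1. A client built from the test PKI's client configuration gets 200 OK,
//     and the connection uses the single configured cipher suite and the
//     configured TLS version.
//  2. A client that has no client certificate is refused, even though it
//     skips verification of the server certificate.
func TestWorksWithTLS(t *testing.T) {
	tc := buildTestContext(t, []byte(configWithTLS))
	require.NoError(t, tc.Output.Connect())
	defer tc.Output.Close()

	serverCiphers, err := inttls.ParseCiphers(tc.Output.ServerConfig.TLSCipherSuites)
	require.NoError(t, err)
	require.Len(t, serverCiphers, 1)

	tlsVersion, err := inttls.ParseTLSVersion(tc.Output.ServerConfig.TLSMinVersion)
	require.NoError(t, err)

	response, err := tc.Client.Get(tc.Output.URL())
	require.NoError(t, err)
	defer response.Body.Close()

	require.Equal(t, http.StatusOK, response.StatusCode)
	// response.TLS is nil for a plain-HTTP response; fail with a clear message
	// instead of a nil-pointer panic if the listener did not negotiate TLS.
	require.NotNil(t, response.TLS, "expected the response to arrive over TLS")
	require.Equal(t, serverCiphers[0], response.TLS.CipherSuite)
	require.Equal(t, tlsVersion, response.TLS.Version)

	// Negative case. InsecureSkipVerify only turns off this client's check of
	// the server certificate, so an error here cannot come from the client
	// distrusting the server. The client carries no certificate of its own;
	// the expected cause of the failure is the server refusing an
	// unauthenticated peer because tls_allowed_cacerts is set. The assertion
	// checks only that an error occurs, not its cause.
	unauthenticated := &http.Client{
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
		},
	}
	rejected, err := unauthenticated.Get(tc.Output.URL())
	if err == nil {
		// Unexpected success: close the body before the assertion fails.
		rejected.Body.Close()
	}
	require.Error(t, err)
}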
// buildTestContext decodes the TOML in config into a new plugin instance and
// pairs it with a matching HTTP client. When the decoded config lists any
// tls_allowed_cacerts, the client is built from the test PKI's client TLS
// configuration; otherwise a plain client is used. A TOML decode error fails
// the test immediately.
func buildTestContext(t *testing.T, config []byte) *PrometheusClientTestContext {
	plugin := prometheus_client.NewClient()
	require.NoError(t, toml.Unmarshal(config, plugin))

	var client *http.Client
	switch {
	case len(plugin.TLSAllowedCACerts) == 0:
		client = buildClientWithoutTLS()
	default:
		client = buildClientWithTLS(t, plugin)
	}

	tc := &PrometheusClientTestContext{
		Output:      plugin,
		Accumulator: &testutil.Accumulator{},
		Client:      client,
	}
	return tc
}
// buildClientWithoutTLS returns a zero-value http.Client, which uses the
// default transport and has no timeout.
func buildClientWithoutTLS() *http.Client {
	return new(http.Client)
}
// buildClientWithTLS returns an HTTP client whose transport uses the TLS
// configuration produced by the test PKI's client settings. Failure to build
// that configuration fails the test. The output parameter is not used by the
// body.
func buildClientWithTLS(t *testing.T, output *prometheus_client.PrometheusClient) *http.Client {
	clientTLS, err := pki.TLSClientConfig().TLSConfig()
	require.NoError(t, err)

	return &http.Client{
		Transport: &http.Transport{TLSClientConfig: clientTLS},
	}
}