Skip to content

Add option to serve TLS in testutils.NewServerChannel#882

Merged
DheerendraRathor merged 1 commit intodevfrom
dheerendra.tls
May 25, 2022
Merged

Add option to serve TLS in testutils.NewServerChannel#882
DheerendraRathor merged 1 commit intodevfrom
dheerendra.tls

Conversation

@DheerendraRathor
Copy link
Copy Markdown
Contributor

@DheerendraRathor DheerendraRathor commented May 17, 2022

Added ServeTLS in testutils.ChannelOpts to create a test server with TLS listener listening on port 0.
TLS listener uses a static cert/key pair present in internal/testcert package to prevent accidental use of the cert in production.

@CLAassistant
Copy link
Copy Markdown

CLAassistant commented May 17, 2022
edited
Loading

CLA assistant check
All committers have signed the CLA.

@codecov
Copy link
Copy Markdown

codecov bot commented May 17, 2022
edited
Loading

Codecov Report

Merging #882 (5cc4eaa) into dev (13b3dec) will increase coverage by 0.56%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##              dev     #882      +/-   ##
==========================================
+ Coverage   88.93%   89.50%   +0.56%     
==========================================
  Files          43       43              
  Lines        4439     4439              
==========================================
+ Hits         3948     3973      +25     
+ Misses        370      349      -21     
+ Partials      121      117       -4
Impacted Files Coverage Δ
outbound.go 87.13% <0.00%> (-1.76%) ⬇️
peer.go 94.60% <0.00%> (+0.71%) ⬆️
channel.go 90.69% <0.00%> (+1.55%) ⬆️
inbound.go 82.38% <0.00%> (+1.55%) ⬆️
connection.go 89.37% <0.00%> (+3.46%) ⬆️
sockio_unix.go 100.00% <0.00%> (+15.38%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a7eda2d...5cc4eaa. Read the comment docs.

@DheerendraRathor DheerendraRathor changed the title Add TLS option in testutils.NewServerChannel Add option to serve TLS in testutils.NewServerChannel May 18, 2022
@DheerendraRathor DheerendraRathor marked this pull request as ready for review May 18, 2022 00:35
cinchurge
cinchurge reviewed May 23, 2022
View reviewed changes
testutils/channel.go
func getTLSListener() (net.Listener, error) {
cert, err := tls.X509KeyPair(testcert.TestCert, testcert.TestKey)
if err != nil {
panic(fmt.Sprintf("testutils: getTLSListener: %v", err))
Copy link
Copy Markdown
Collaborator

@cinchurge cinchurge May 23, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

somewhat bummed we need to panic here, but I guess it's too late to pass in *testing.T now.

Copy link
Copy Markdown
Contributor Author

@DheerendraRathor DheerendraRathor May 23, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel that panic is good here since we never expect this to fail.
Go uses same for httptest https://github.com/golang/go/blob/master/src/net/http/httptest/server.go#L151

connection_test.go
})
}

func TestWithTLSNoRelay(t *testing.T) {
Copy link
Copy Markdown
Collaborator

@cinchurge cinchurge May 23, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wondering out loud - how can we limit the use of TLS to only muttley? I don't think we want to end up supporting peer-to-peer TLS. but maybe it's not something we can do easily...

Copy link
Copy Markdown
Contributor Author

@DheerendraRathor DheerendraRathor May 23, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tchannel can support mTLS for non-relay use cases. In fact, we're also going to use that in p2p routing outside muttley.
With relay, tchannel can't support mTLS, but TLS use case is still there.

@DheerendraRathor
Add TLS option in testutils.NewServerChannel
5cc4eaa 
Added `ServeTLS` in `testutils.ChannelOpts` to create a test server with TLS listener listening on port 0.
TLS listener uses a static cert/key pair present in `internal/testcert` package to prevent accidental use of the cert in production.
@DheerendraRathor DheerendraRathor merged commit c6c0f71 into dev May 25, 2022
@DheerendraRathor DheerendraRathor deleted the dheerendra.tls branch May 25, 2022 18:39
DheerendraRathor added a commit that referenced this pull request May 25, 2022
@DheerendraRathor
Add TLS option in testutils.NewServerChannel (#882)
ae847b3 
Added `ServeTLS` in `testutils.ChannelOpts` to create a test server with TLS listener listening on port 0.
TLS listener uses a static cert/key pair present in `internal/testcert` package to prevent accidental use of the cert in production.
DheerendraRathor added a commit that referenced this pull request Jun 23, 2022
@DheerendraRathor
Add TLS option in testutils.NewServerChannel (#882)
8f38d24 
Added `ServeTLS` in `testutils.ChannelOpts` to create a test server with TLS listener listening on port 0.
TLS listener uses a static cert/key pair present in `internal/testcert` package to prevent accidental use of the cert in production.
cinchurge pushed a commit that referenced this pull request Aug 23, 2022
@DheerendraRathor @cinchurge
Add TLS option in testutils.NewServerChannel (#882)
eeb4adc 
Added `ServeTLS` in `testutils.ChannelOpts` to create a test server with TLS listener listening on port 0.
TLS listener uses a static cert/key pair present in `internal/testcert` package to prevent accidental use of the cert in production.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cinchurge cinchurge cinchurge approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@DheerendraRathor @CLAassistant @cinchurge