feat(tests): add cert integration tests

Author: Matthew Fisher

docs/reference/domain-ssl.rst

@@ -64,6 +64,10 @@ Add your certificate, any intermediate certificates, and private key to the endp
     Adding SSL endpoint... done
     www.example.com
 
+.. note::
+
+    It may take up to one minute for the certificate to be available on the routers.
+
 
 Attach a Certificate Chain
 ^^^^^^^^^^^^^^^^^^^^^^^^^^

tests/domain_test.go

@@ -0,0 +1,68 @@
+// +build integration
+
+package tests
+
+import (
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/deis/deis/tests/utils"
+)
+
+var (
+	certsAddCmd      = "certs:add {{.SSLCertificatePath}} {{.SSLKeyPath}}"
+	certsRemoveCmd   = "certs:remove {{.AppDomain}}"
+	domainsAddCmd    = "domains:add {{.AppDomain}} --app {{.AppName}}"
+	domainsRemoveCmd = "domains:remove {{.AppDomain}} --app {{.AppName}}"
+)
+
+func TestDomains(t *testing.T) {
+	cfg := domainsSetup(t)
+	domainsTest(t, cfg)
+	certsTest(t, cfg)
+	utils.AppsDestroyTest(t, cfg)
+}
+
+func domainsSetup(t *testing.T) *utils.DeisTestConfig {
+	cfg := utils.GetGlobalConfig()
+	cfg.AppName = "domainsample"
+	utils.Execute(t, authLoginCmd, cfg, false, "")
+	utils.Execute(t, gitCloneCmd, cfg, false, "")
+	if err := utils.Chdir(cfg.ExampleApp); err != nil {
+		t.Fatal(err)
+	}
+	utils.Execute(t, appsCreateCmd, cfg, false, "")
+	utils.Execute(t, gitPushCmd, cfg, false, "")
+	utils.CurlApp(t, *cfg)
+	if err := utils.Chdir(".."); err != nil {
+		t.Fatal(err)
+	}
+	return cfg
+}
+
+func domainsTest(t *testing.T, cfg *utils.DeisTestConfig) {
+	utils.Execute(t, domainsAddCmd, cfg, false, "done")
+	// ensure both the root domain and the custom domain work
+	utils.CurlApp(t, *cfg)
+	utils.Curl(t, fmt.Sprintf("http://%s", cfg.AppDomain))
+	utils.Execute(t, domainsRemoveCmd, cfg, false, "done")
+	// only the root domain should work now
+	utils.CurlApp(t, *cfg)
+	// TODO (bacongobbler): add test to ensure that the custom domain fails to connect
+}
+
+func certsTest(t *testing.T, cfg *utils.DeisTestConfig) {
+	utils.Execute(t, domainsAddCmd, cfg, false, "done")
+	utils.Execute(t, certsAddCmd, cfg, false, cfg.AppDomain)
+	// wait for the certs to be populated in the router; cron takes up to 1 minute
+	fmt.Println("sleeping for 60 seconds until certs are generated...")
+	time.Sleep(60 * time.Second)
+	fmt.Println("ok")
+	// ensure the custom domain's SSL endpoint works
+	utils.Curl(t, fmt.Sprintf("https://%s", cfg.AppDomain))
+	utils.Execute(t, certsRemoveCmd, cfg, false, "done")
+	// only the root domain should work now
+	utils.CurlApp(t, *cfg)
+	// TODO (bacongobbler): add test to ensure that the custom domain fails to connect
+}

tests/domains_test.go

@@ -4,10 +4,12 @@ import (
 	"bytes"
 	"fmt"
 	"io/ioutil"
+	"log"
 	"math/rand"
 	"net/http"
 	"os"
 	"os/exec"
+	"path/filepath"
 	"strings"
 	"testing"
 	"text/template"
@@ -22,21 +24,23 @@ var Deis = "deis "
 // DeisTestConfig allows tests to be repeated against different
 // targets, with different example apps, using specific credentials, and so on.
 type DeisTestConfig struct {
-	AuthKey     string
-	Hosts       string
-	Domain      string
-	SSHKey      string
-	ClusterName string
-	UserName    string
-	Password    string
-	Email       string
-	ExampleApp  string
-	AppDomain   string
-	AppName     string
-	ProcessNum  string
-	ImageID     string
-	Version     string
-	AppUser     string
+	AuthKey            string
+	Hosts              string
+	Domain             string
+	SSHKey             string
+	ClusterName        string
+	UserName           string
+	Password           string
+	Email              string
+	ExampleApp         string
+	AppDomain          string
+	AppName            string
+	ProcessNum         string
+	ImageID            string
+	Version            string
+	AppUser            string
+	SSLCertificatePath string
+	SSLKeyPath         string
 }
 
 // randomApp is used for the test run if DEIS_TEST_APP isn't set
@@ -68,22 +72,46 @@ func GetGlobalConfig() *DeisTestConfig {
 	if appDomain == "" {
 		appDomain = fmt.Sprintf("test.%s", domain)
 	}
+
+	// generate a self-signed certifcate for the app domain
+	keyOut, err := filepath.Abs(appDomain + ".key")
+	if err != nil {
+		log.Fatal(err)
+	}
+	certOut, err := filepath.Abs(appDomain + ".cert")
+	if err != nil {
+		log.Fatal(err)
+	}
+	cmd := exec.Command("openssl", "req", "-new", "-newkey", "rsa:4096", "-nodes", "-x509",
+		"-days", "1",
+		"-subj", fmt.Sprintf("/C=US/ST=Colorado/L=Boulder/CN=%s", appDomain),
+		"-keyout", keyOut,
+		"-out", certOut)
+	if err := cmd.Start(); err != nil {
+		log.Fatal(err)
+	}
+	if err := cmd.Wait(); err != nil {
+		log.Fatal(err)
+	}
+
 	var envCfg = DeisTestConfig{
-		AuthKey:     authKey,
-		Hosts:       hosts,
-		Domain:      domain,
-		SSHKey:      sshKey,
-		ClusterName: "dev",
-		UserName:    "test",
-		Password:    "asdf1234",
-		Email:       "test@test.co.nz",
-		ExampleApp:  exampleApp,
-		AppDomain:   appDomain,
-		AppName:     "sample",
-		ProcessNum:  "2",
-		ImageID:     "buildtest",
-		Version:     "2",
-		AppUser:     "test1",
+		AuthKey:            authKey,
+		Hosts:              hosts,
+		Domain:             domain,
+		SSHKey:             sshKey,
+		ClusterName:        "dev",
+		UserName:           "test",
+		Password:           "asdf1234",
+		Email:              "test@test.co.nz",
+		ExampleApp:         exampleApp,
+		AppDomain:          appDomain,
+		AppName:            "sample",
+		ProcessNum:         "2",
+		ImageID:            "buildtest",
+		Version:            "2",
+		AppUser:            "test1",
+		SSLCertificatePath: certOut,
+		SSLKeyPath:         keyOut,
 	}
 	return &envCfg
 }