[CONSUL-463] Review curl Exec and get_ca_root Func (#63)

hashicorp · Dec 21, 2022 · f0e2b44 · f0e2b44
1 parent e0d981a
commit f0e2b44
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 11 deletions.
diff --git a/test/integration/connect/envoy/case-ingress-gateway-tls/verify.bats b/test/integration/connect/envoy/case-ingress-gateway-tls/verify.bats
@@ -19,25 +19,17 @@ load helpers
 }
 
 @test "ingress-gateway should have healthy endpoints for s1" {
-  assert_upstream_has_endpoints_in_status 127.0.0.1:20000 s1 HEALTHY 1
+   assert_upstream_has_endpoints_in_status 127.0.0.1:20000 s1 HEALTHY 1
 }
 
 @test "should be able to connect to s1 through the TLS-enabled ingress port" {
   assert_dnssan_in_cert localhost:9998 '\*.ingress.consul'
   # Use the --resolve argument to fake dns resolution for now so we can use the
   # s1.ingress.consul domain to validate the cert
-  run retry_default curl --cacert <(get_ca_root) -s -f -d hello \
-    --resolve s1.ingress.consul:9998:127.0.0.1 \
-    https://s1.ingress.consul:9998
-  [ "$status" -eq 0 ]
-  [[ "$output" == *"hello"* ]]
+  cacert_curl s1.ingress.consul:9998:127.0.0.1 https://s1.ingress.consul:9998  
 }
 
 @test "should be able to connect to s1 through the TLS-enabled ingress port using the custom host" {
   assert_dnssan_in_cert localhost:9999 'test.example.com'
-  run retry_default curl --cacert <(get_ca_root) -s -f -d hello \
-    --resolve test.example.com:9999:127.0.0.1 \
-    https://test.example.com:9999
-  [ "$status" -eq 0 ]
-  [[ "$output" == *"hello"* ]]
+  cacert_curl test.example.com:9999:127.0.0.1 https://test.example.com:9999  
 }
diff --git a/test/integration/connect/envoy/helpers.bash b/test/integration/connect/envoy/helpers.bash
@@ -801,6 +801,16 @@ function get_ca_root {
   curl -s -f "http://localhost:8500/v1/connect/ca/roots" | jq -r ".Roots[0].RootCert"
 }
 
+function cacert_curl {
+  local RESOLVE_ADDR=$1
+  local ADDR=$2  
+
+  run retry_default curl --cacert <(get_ca_root) -s -f -d hello --resolve $RESOLVE_ADDR $ADDR
+
+  [ "$status" -eq 0 ]
+  [ "$output" == *"hello"* ]
+}
+
 function wait_for_agent_service_register {
   local SERVICE_ID=$1
   local DC=${2:-primary}

diff --git a/test/integration/connect/envoy/helpers.windows.bash b/test/integration/connect/envoy/helpers.windows.bash
@@ -884,6 +884,18 @@ function get_ca_root {
   curl -s -f "http://consul-primary:8500/v1/connect/ca/roots" | jq -r ".Roots[0].RootCert"
 }
 
+function cacert_curl {
+  local RESOLVE_ADDR=$1
+  local ADDR=$2  
+  local CA_ROOT="/c/workdir/caroot.pem"
+  get_ca_root > $CA_ROOT
+
+  run retry_default curl --cacert $CA_ROOT -s -f -d hello --resolve $RESOLVE_ADDR $ADDR
+
+  [ "$status" -eq 0 ]
+  [ "$output" == *"hello"* ]
+}
+
 function wait_for_agent_service_register {
   local SERVICE_ID=$1
   local DC=${2:-primary}