[GitHub] [apisix-dashboard] nic-chen commented on a change in pull request #1437: feat: support mTLS connection to ETCD

[GitBox <gi...@apache.org>]

nic-chen commented on a change in pull request #1437:
URL: https://github.com/apache/apisix-dashboard/pull/1437#discussion_r570957520



##########
File path: api/test/shell/cli_test.sh
##########
@@ -338,3 +338,40 @@ if [[ `echo ${resp} | grep -c "${GITHASH}"` -ne '1' ]]; then
 fi
 
 check_logfile
+
+
+# mtls test
+
+wget https://github.com/etcd-io/etcd/releases/download/v3.4.14/etcd-v3.4.14-linux-amd64.tar.gz
+
+tar zxvf etcd-v3.4.14-linux-amd64.tar.gz && cd etcd-v3.4.14-linux-amd64

Review comment:
       fixed.

##########
File path: api/test/shell/cli_test.sh
##########
@@ -338,3 +338,40 @@ if [[ `echo ${resp} | grep -c "${GITHASH}"` -ne '1' ]]; then
 fi
 
 check_logfile
+
+
+# mtls test
+
+wget https://github.com/etcd-io/etcd/releases/download/v3.4.14/etcd-v3.4.14-linux-amd64.tar.gz
+
+tar zxvf etcd-v3.4.14-linux-amd64.tar.gz && cd etcd-v3.4.14-linux-amd64
+
+./etcd --name infra0 --data-dir infra0 \
+  --client-cert-auth --trusted-ca-file=$(pwd)/test/certs/mtls_ca.crt --cert-file=$(pwd)/test/certs/mtls_server.crt --key-file=$(pwd)/test/certs/mtls_server.key \
+  --advertise-client-urls https://127.0.0.1:3379 --listen-client-urls https://127.0.0.1:3379 --listen-peer-urls http://0.0.0.0:3380 &
+

Review comment:
       fixed.

##########
File path: api/test/shell/cli_test.sh
##########
@@ -338,3 +338,40 @@ if [[ `echo ${resp} | grep -c "${GITHASH}"` -ne '1' ]]; then
 fi
 
 check_logfile
+
+
+# mtls test
+
+wget https://github.com/etcd-io/etcd/releases/download/v3.4.14/etcd-v3.4.14-linux-amd64.tar.gz
+
+tar zxvf etcd-v3.4.14-linux-amd64.tar.gz && cd etcd-v3.4.14-linux-amd64
+
+./etcd --name infra0 --data-dir infra0 \
+  --client-cert-auth --trusted-ca-file=$(pwd)/test/certs/mtls_ca.crt --cert-file=$(pwd)/test/certs/mtls_server.crt --key-file=$(pwd)/test/certs/mtls_server.key \
+  --advertise-client-urls https://127.0.0.1:3379 --listen-client-urls https://127.0.0.1:3379 --listen-peer-urls http://0.0.0.0:3380 &
+
+currentDir=$(pwd)
+
+if [[ $KERNEL = "Darwin" ]]; then
+  sed -i "" "s@key_file: \"\"@key_file: \"$currentDir/test/certs/mtls_client-key.pem\"@g" conf/conf.yaml
+  sed -i "" "s@cert_file: \"\"@key_file: \"$currentDir/test/certs/mtls_client.pem\"@g" conf/conf.yaml
+  sed -i "" "s@ca_file: \"\"@key_file: \"$currentDir/test/certs/mtls_ca.pem\"@g" conf/conf.yaml
+  sed -i "" 's/127.0.0.1:2379/127.0.0.1:3379/' conf/conf.yaml
+else
+  sed -i "s@key_file: \"\"@key_file: \"$currentDir/test/certs/mtls_client-key.pem\"@g" conf/conf.yaml
+  sed -i "s@cert_file: \"\"@key_file: \"$currentDir/test/certs/mtls_client.pem\"@g" conf/conf.yaml
+  sed -i "s@ca_file: \"\"@key_file: \"$currentDir/test/certs/mtls_ca.pem\"@g" conf/conf.yaml
+
+  sed -i 's/127.0.0.1:2379/127.0.0.1:3379/' conf/conf.yaml
+fi
+
+./manager-api &
+sleep 3
+
+# validate process is right by requesting login api
+resp=$(curl http://127.0.0.1:9000/apisix/admin/user/login -H "Content-Type: application/json" -d '{"username":"admin", "password": "admin"}')
+token=$(echo "${resp}" | sed 's/{/\n/g' | sed 's/,/\n/g' | grep "token" | sed 's/:/\n/g' | sed '1d' | sed 's/}//g'  | sed 's/"//g')
+if [ -z "${token}" ]; then
+    echo "login failed"

Review comment:
       updated.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org