[GitHub] [apisix-dashboard] starsz commented on a change in pull request #1437: feat: support mTLS connection to ETCD

[GitBox <gi...@apache.org>]

starsz commented on a change in pull request #1437:
URL: https://github.com/apache/apisix-dashboard/pull/1437#discussion_r570866275



##########
File path: api/test/shell/cli_test.sh
##########
@@ -338,3 +338,40 @@ if [[ `echo ${resp} | grep -c "${GITHASH}"` -ne '1' ]]; then
 fi
 
 check_logfile
+
+
+# mtls test
+
+wget https://github.com/etcd-io/etcd/releases/download/v3.4.14/etcd-v3.4.14-linux-amd64.tar.gz
+
+tar zxvf etcd-v3.4.14-linux-amd64.tar.gz && cd etcd-v3.4.14-linux-amd64
+
+./etcd --name infra0 --data-dir infra0 \
+  --client-cert-auth --trusted-ca-file=$(pwd)/test/certs/mtls_ca.crt --cert-file=$(pwd)/test/certs/mtls_server.crt --key-file=$(pwd)/test/certs/mtls_server.key \
+  --advertise-client-urls https://127.0.0.1:3379 --listen-client-urls https://127.0.0.1:3379 --listen-peer-urls http://0.0.0.0:3380 &
+

Review comment:
       We should stop the etcd after test.

##########
File path: api/test/shell/cli_test.sh
##########
@@ -338,3 +338,40 @@ if [[ `echo ${resp} | grep -c "${GITHASH}"` -ne '1' ]]; then
 fi
 
 check_logfile
+
+
+# mtls test
+
+wget https://github.com/etcd-io/etcd/releases/download/v3.4.14/etcd-v3.4.14-linux-amd64.tar.gz
+
+tar zxvf etcd-v3.4.14-linux-amd64.tar.gz && cd etcd-v3.4.14-linux-amd64

Review comment:
       Can this be done at github action?

##########
File path: api/test/shell/cli_test.sh
##########
@@ -338,3 +338,40 @@ if [[ `echo ${resp} | grep -c "${GITHASH}"` -ne '1' ]]; then
 fi
 
 check_logfile
+
+
+# mtls test
+
+wget https://github.com/etcd-io/etcd/releases/download/v3.4.14/etcd-v3.4.14-linux-amd64.tar.gz
+
+tar zxvf etcd-v3.4.14-linux-amd64.tar.gz && cd etcd-v3.4.14-linux-amd64
+
+./etcd --name infra0 --data-dir infra0 \
+  --client-cert-auth --trusted-ca-file=$(pwd)/test/certs/mtls_ca.crt --cert-file=$(pwd)/test/certs/mtls_server.crt --key-file=$(pwd)/test/certs/mtls_server.key \
+  --advertise-client-urls https://127.0.0.1:3379 --listen-client-urls https://127.0.0.1:3379 --listen-peer-urls http://0.0.0.0:3380 &
+
+currentDir=$(pwd)
+
+if [[ $KERNEL = "Darwin" ]]; then
+  sed -i "" "s@key_file: \"\"@key_file: \"$currentDir/test/certs/mtls_client-key.pem\"@g" conf/conf.yaml
+  sed -i "" "s@cert_file: \"\"@key_file: \"$currentDir/test/certs/mtls_client.pem\"@g" conf/conf.yaml
+  sed -i "" "s@ca_file: \"\"@key_file: \"$currentDir/test/certs/mtls_ca.pem\"@g" conf/conf.yaml
+  sed -i "" 's/127.0.0.1:2379/127.0.0.1:3379/' conf/conf.yaml
+else
+  sed -i "s@key_file: \"\"@key_file: \"$currentDir/test/certs/mtls_client-key.pem\"@g" conf/conf.yaml
+  sed -i "s@cert_file: \"\"@key_file: \"$currentDir/test/certs/mtls_client.pem\"@g" conf/conf.yaml
+  sed -i "s@ca_file: \"\"@key_file: \"$currentDir/test/certs/mtls_ca.pem\"@g" conf/conf.yaml
+
+  sed -i 's/127.0.0.1:2379/127.0.0.1:3379/' conf/conf.yaml
+fi
+
+./manager-api &
+sleep 3
+
+# validate process is right by requesting login api
+resp=$(curl http://127.0.0.1:9000/apisix/admin/user/login -H "Content-Type: application/json" -d '{"username":"admin", "password": "admin"}')
+token=$(echo "${resp}" | sed 's/{/\n/g' | sed 's/,/\n/g' | grep "token" | sed 's/:/\n/g' | sed '1d' | sed 's/}//g'  | sed 's/"//g')
+if [ -z "${token}" ]; then
+    echo "login failed"

Review comment:
       `login failed` is already existed.
   We should add extra info to distinguish them.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org