Added a check to ensure clientTLS configuration contains either a cert or a key

2017-08-25 10:26:02 +02:00 · 2017-08-25 10:26:02 +02:00 · 98dfd2ba0e
parent 87e6285cf6
commit 98dfd2ba0e
2 changed files with 55 additions and 15 deletions
--- a/provider/provider.go
+++ b/provider/provider.go
@ -157,6 +157,11 @@ func (clientTLS *ClientTLS) CreateTLSConfig() (*tls.Config, error) {
 	cert := tls.Certificate{}
 	_, errKeyIsFile := os.Stat(clientTLS.Key)

+	if !clientTLS.InsecureSkipVerify && (len(clientTLS.Cert) == 0 || len(clientTLS.Key) == 0) {
+		return nil, fmt.Errorf("TLS Certificate or Key file must be set when TLS configuration is created")
+	}
+
+	if len(clientTLS.Cert) > 0 && len(clientTLS.Key) > 0 {
 		if _, errCertIsFile := os.Stat(clientTLS.Cert); errCertIsFile == nil {
 			if errKeyIsFile == nil {
 				cert, err = tls.LoadX509KeyPair(clientTLS.Cert, clientTLS.Key)
@ -177,6 +182,7 @@ func (clientTLS *ClientTLS) CreateTLSConfig() (*tls.Config, error) {
 				return nil, fmt.Errorf("tls key is a file, but tls cert is not")
 			}
 		}
+	}

 	TLSConfig := &tls.Config{
 		Certificates:       []tls.Certificate{cert},
--- a/provider/provider_test.go
+++ b/provider/provider_test.go
@ -197,6 +197,40 @@ func TestNilClientTLS(t *testing.T) {
 	}
 }

+func TestInsecureSkipVerifyClientTLS(t *testing.T) {
+	provider := &myProvider{
+		BaseProvider{
+			Filename: "",
+		},
+		&ClientTLS{
+			InsecureSkipVerify: true,
+		},
+	}
+	config, err := provider.TLS.CreateTLSConfig()
+	if err != nil {
+		t.Fatal("CreateTLSConfig should assume that consumer does not want a TLS configuration if input is nil")
+	}
+	if !config.InsecureSkipVerify {
+		t.Fatal("CreateTLSConfig should support setting only InsecureSkipVerify property")
+	}
+}
+
+func TestInsecureSkipVerifyFalseClientTLS(t *testing.T) {
+	provider := &myProvider{
+		BaseProvider{
+			Filename: "",
+		},
+		&ClientTLS{
+			InsecureSkipVerify: false,
+		},
+	}
+	_, err := provider.TLS.CreateTLSConfig()
+	if err == nil {
+		t.Fatal("CreateTLSConfig should error if consumer does not set a TLS cert or key configuration and not chooses InsecureSkipVerify to be true")
+	}
+	t.Log(err)
+}
+
 func TestMatchingConstraints(t *testing.T) {
 	cases := []struct {
 		constraints types.Constraints