djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/main' into callback-endpoint

Browse Source
This commit is contained in:
Matt Moyer 2020-12-03 08:50:31 -06:00
commit 1fa41c4d0a
No known key found for this signature in database
GPG Key ID: EAE88AD172C5AE2D
3 changed files with 48 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
test/integration/supervisor_discovery_test.go
View File

@ -232,11 +232,10 @@ func TestSupervisorTLSTerminationWithDefaultCerts(t *testing.T) {
port = hostAndPortSegments[1] port = hostAndPortSegments[1]
} }
ips, err := net.DefaultResolver.LookupIPAddr(ctx, hostname) ips, err := library.LookupIP(ctx, hostname)
require.NoError(t, err) require.NoError(t, err)
ip := ips[0] require.NotEmpty(t, ips)
ipAsString := ip.String() ipWithPort := ips[0].String() + ":" + port
ipWithPort := ipAsString + ":" + port
issuerUsingIPAddress := fmt.Sprintf("%s://%s/issuer1", scheme, ipWithPort) issuerUsingIPAddress := fmt.Sprintf("%s://%s/issuer1", scheme, ipWithPort)
issuerUsingHostname := fmt.Sprintf("%s://%s/issuer1", scheme, address) issuerUsingHostname := fmt.Sprintf("%s://%s/issuer1", scheme, address)
@ -249,7 +248,7 @@ func TestSupervisorTLSTerminationWithDefaultCerts(t *testing.T) {
requireEndpointHasTLSErrorBecauseCertificatesAreNotReady(t, issuerUsingIPAddress) requireEndpointHasTLSErrorBecauseCertificatesAreNotReady(t, issuerUsingIPAddress)
// Create a Secret at the special name which represents the default TLS cert. // Create a Secret at the special name which represents the default TLS cert.
defaultCA := createTLSCertificateSecret(ctx, t, ns, "cert-hostname-doesnt-matter", []net.IP{ip.IP}, defaultTLSCertSecretName(env), kubeClient) defaultCA := createTLSCertificateSecret(ctx, t, ns, "cert-hostname-doesnt-matter", []net.IP{ips[0]}, defaultTLSCertSecretName(env), kubeClient)
// Now that the Secret exists, we should be able to access the endpoints by IP address using the CA. // Now that the Secret exists, we should be able to access the endpoints by IP address using the CA.
_ = requireDiscoveryEndpointsAreWorking(t, scheme, ipWithPort, string(defaultCA.Bundle()), issuerUsingIPAddress, nil) _ = requireDiscoveryEndpointsAreWorking(t, scheme, ipWithPort, string(defaultCA.Bundle()), issuerUsingIPAddress, nil)

16
test/library/iplookup.go Normal file
View File

@ -0,0 +1,16 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// +build !go1.14
package library
import (
"context"
"net"
)
// LookupIP looks up the IP address of the provided hostname, preferring IPv4.
func LookupIP(ctx context.Context, hostname string) ([]net.IP, error) {
return net.DefaultResolver.LookupIP(ctx, "ip4", hostname)
}

28
test/library/iplookup_go1.14.go Normal file
View File

@ -0,0 +1,28 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// +build go1.14
package library
import (
"context"
"net"
)
// LookupIP looks up the IP address of the provided hostname, preferring IPv4.
func LookupIP(ctx context.Context, hostname string) ([]net.IP, error) {
ips, err := net.DefaultResolver.LookupIPAddr(ctx, hostname)
if err != nil {
return nil, err
}
// Filter out to only IPv4 addresses
var results []net.IP
for _, ip := range ips {
if ip.IP.To4() != nil {
results = append(results, ip.IP)
}
}
return results, nil
}