[docker-test] Add release-image–based containerized integration tests with TLS modes#143
Conversation
Add release-image–based containerized integration tests with different TLS modes.
Add support for multi-SAN server TLS credential creation.
Align configuration names.
Move common Docker utils to utils/test.
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
liran-funaro
left a comment
liran-funaro
left a comment
There was a problem hiding this comment.
This looks good overall. Please address the comments,
| return fmt.Sprintf("%s_%s_%s", containerPrefixName, node, tlsMode) | ||
| } | ||
|
|
||
| func assembleBinds(t *testing.T, serverCredsPath, clientCredsPath string, additionalBinds ...string) []string { |
There was a problem hiding this comment.
assembleBinds() is always called with the following pattern, where the intermediate variables (serverCredsPath, clientCredsPath) are only used for the input of assembleBinds().
_, serverCredsPath := params.credsFactory.CreateServerCredentials(t, params.tlsMode, params.node)
require.NotEmpty(t, serverCredsPath)
_, clientCredsPath := params.credsFactory.CreateClientCredentials(t, params.tlsMode)
require.NotEmpty(t, clientCredsPath)
[...]
assembleBinds(t,
serverCredsPath,
clientCredsPath,
fmt.Sprintf("%s.yaml:/%s.yaml",
filepath.Join(mustGetWD(t), localConfigPath, params.node), configPath,
)
fmt.Sprintf("%s:/%s", params.configBlockPath, filepath.Join(containerConfigPath, genBlockFile)),
)Thus, assembleBinds() should contain all this logic internally.
There was a problem hiding this comment.
We can embed all of the logic into assembleBinds. However, when we try to bind a config file that doesn’t exist (as happens when we enable assembleBind for the db or orderer containers), Docker automatically creates directories with those names in the specified path (on the host).
To avoid that, we can move the following code into assembleBinds:
_, serverCredsPath := params.credsFactory.CreateServerCredentials(t, params.tlsMode, params.node)
require.NotEmpty(t, serverCredsPath)
_, clientCredsPath := params.credsFactory.CreateClientCredentials(t, params.tlsMode)
require.NotEmpty(t, clientCredsPath)
and then pass any differing binds as additional binds.
| } | ||
|
|
||
| // mustGetWD returns the current working directory. | ||
| func mustGetWD(t *testing.T) string { |
There was a problem hiding this comment.
minor: This can be embedded into assembleBinds().
There was a problem hiding this comment.
Reverted and explained in the comment above.
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
2 participants
Type of change
Description
Additional details
The integration test runs each service in a separate Docker container and establishes connections between them with different TLS modes.
For now, we load TLS certificates into the mock-orderer container, even though it doesn’t support them yet (a future PR will add support).
We also need to align the config/template names, which will be addressed in a separate PR.
Related issues