mirror of
https://github.com/grafana/grafana.git
synced 2025-07-28 18:42:12 +08:00
162 lines
6.3 KiB
Go
162 lines
6.3 KiB
Go
package api
|
|
|
|
import (
|
|
"os"
|
|
"testing"
|
|
|
|
"github.com/grafana/grafana/pkg/setting"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestHTTPServer_MetricsBasicAuth(t *testing.T) {
|
|
ts := &HTTPServer{
|
|
Cfg: setting.NewCfg(),
|
|
}
|
|
|
|
t.Run("enabled", func(t *testing.T) {
|
|
ts.Cfg.MetricsEndpointBasicAuthUsername = "foo"
|
|
ts.Cfg.MetricsEndpointBasicAuthPassword = "bar"
|
|
|
|
assert.True(t, ts.metricsEndpointBasicAuthEnabled())
|
|
})
|
|
|
|
t.Run("disabled", func(t *testing.T) {
|
|
ts.Cfg.MetricsEndpointBasicAuthUsername = ""
|
|
ts.Cfg.MetricsEndpointBasicAuthPassword = ""
|
|
|
|
assert.False(t, ts.metricsEndpointBasicAuthEnabled())
|
|
})
|
|
}
|
|
|
|
func TestHTTPServer_readCertificates(t *testing.T) {
|
|
ts := &HTTPServer{
|
|
Cfg: setting.NewCfg(),
|
|
}
|
|
t.Run("ReadCertificates should return error when cert files are not configured", func(t *testing.T) {
|
|
_, err := ts.readCertificates()
|
|
assert.NotNil(t, err)
|
|
})
|
|
}
|
|
|
|
func TestHTTPServer_readEncryptedCertificates(t *testing.T) {
|
|
t.Run("readCertificates should return certificate if configuration is correct", func(t *testing.T) {
|
|
cfg, cleanUpFunc := getHttpServerCfg(t)
|
|
defer cleanUpFunc()
|
|
|
|
ts := &HTTPServer{
|
|
Cfg: cfg,
|
|
}
|
|
|
|
c, err := ts.readCertificates()
|
|
require.Nil(t, err)
|
|
require.NotNil(t, c)
|
|
})
|
|
|
|
t.Run("readCertificates should return error if the password provided is not the correct one", func(t *testing.T) {
|
|
cfg, cleanUpFunc := getHttpServerCfg(t)
|
|
defer cleanUpFunc()
|
|
// change for a wrong password - 32char for consistency
|
|
cfg.CertPassword = "somethingThatIsNotTheCorrectPass"
|
|
|
|
ts := &HTTPServer{
|
|
Cfg: cfg,
|
|
}
|
|
|
|
c, err := ts.readCertificates()
|
|
require.Nil(t, c)
|
|
require.NotNil(t, err)
|
|
require.Equal(t, err.Error(), "error parsing PKCS8 Private key: pkcs8: incorrect password")
|
|
})
|
|
}
|
|
|
|
// returns Cfg and cleanup function for the created files
|
|
func getHttpServerCfg(t *testing.T) (*setting.Cfg, func()) {
|
|
// create cert files
|
|
cert, err := os.CreateTemp("", "certWithPass*.crt")
|
|
require.NoError(t, err)
|
|
_, err = cert.Write(certWithPass)
|
|
require.NoError(t, err)
|
|
|
|
privateKey, err := os.CreateTemp("", "privateKey*.key")
|
|
require.NoError(t, err)
|
|
_, err = privateKey.Write(privateKeyWithPass)
|
|
require.NoError(t, err)
|
|
|
|
cfg := setting.NewCfg()
|
|
cfg.CertPassword = password
|
|
cfg.CertFile = cert.Name()
|
|
cfg.KeyFile = privateKey.Name()
|
|
cfg.Protocol = "https"
|
|
|
|
cleanupFunc := func() {
|
|
_ = os.Remove(cert.Name())
|
|
_ = os.Remove(privateKey.Name())
|
|
}
|
|
|
|
return cfg, cleanupFunc
|
|
}
|
|
|
|
/*
|
|
* Certificates encrypted with password used for testing. These are valid until Aug 1st 2027.
|
|
* To generate new ones, use this commands:
|
|
*
|
|
* # Generate RSA private key with a passphrase '12345678901234567890123456789012'
|
|
* sudo openssl genrsa -aes256 -passout pass:12345678901234567890123456789012 -out ./grafana_pass.key 2048
|
|
* # Create a new Certificate Signing Request (CSR) using the private key passing passphrase '12345678901234567890123456789012'
|
|
* sudo openssl req -new -nodes -sha256 -key ./grafana_pass.key -subj '/CN=testCertWithPass/C=us' -passin pass:12345678901234567890123456789012 -out ./grafana_pass.csr
|
|
* # Sign the CSR using the private key to create a self-signed certificate valid for 365 days
|
|
* sudo openssl x509 -req -days 1095 -in ./grafana_pass.csr -signkey ./grafana_pass.key -passin pass:12345678901234567890123456789012 -out ./grafana_pass.crt
|
|
*/
|
|
var certWithPass = []byte(`-----BEGIN CERTIFICATE-----
|
|
MIIC1zCCAb8CFGUb9G3+Dl7bTJgCsV0HatdD6jnkMA0GCSqGSIb3DQEBCwUAMCgx
|
|
GTAXBgNVBAMMEHRlc3RDZXJ0V2l0aFBhc3MxCzAJBgNVBAYTAnVzMB4XDTI0MDgw
|
|
MTE4MzM0OFoXDTI3MDgwMTE4MzM0OFowKDEZMBcGA1UEAwwQdGVzdENlcnRXaXRo
|
|
UGFzczELMAkGA1UEBhMCdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
|
|
AQCKnZHWYZLgfpV2MqhTHxpONwQ6dUWWwAl3sQaLV2VH6e0qBhCaO4gCKQbv3KeH
|
|
4sXmdYG4fKJ+SnwGhljfW4anQjb/puVSX8E4EXwf81DBUKbUGs5GvIx6oIx2HkoO
|
|
BoKBNgsk8K/Eq4XcVUo8PfxbsJzoCyxcrjelV4UDgxpwDCTaewmiIUb+V/JvQi65
|
|
J1EWWofghKkNwhZ0Qyh6I9O8N7ZbkEUSbATcZ32AoDhpzhbVXQkNhJJV5SSa2zaA
|
|
Bv50cni9Te4PEYq97xUkq2KaD3c+Ie1VrAAmJVCgcUylG1YeZUohyaLbY7DG/PaW
|
|
ZPu6OqKddfH1UxUG0xzRjbmJAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAEZXVWWV
|
|
GdaSUuBlc9Rd6DvSQSBYzBm5zfoQlw1IQT93tI4SVD2U04RPfxUdCh6QxsssitRn
|
|
tz2x3EKFBQ3x0jYk+JHxBLdTWAhdWrhFB+beUuOUQ5++cBDTHvpyoROAg/cIz4Fg
|
|
PvdhneOlQBe7Vh1Uv4ez+H7U1MtgUAt2LYhb5hundhUpH/WCsn1mlehyhrbDBzPc
|
|
f9JeTlZbe6wyvS/26qGPSCgP0KNvltR0Cjf2AV2gjX/7+BUr9qFBRjs4+jZkIRkP
|
|
fsYk656OSlFMbYlst1ktnBrmBE7AOHdW/WRynfIFQACNkwnrnPO1u8ZRSUzVlg/2
|
|
lzZlmPUgKBVA0kA=
|
|
-----END CERTIFICATE-----`)
|
|
|
|
var privateKeyWithPass = []byte(`-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIpLpJYDO3y4wCAggA
|
|
MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBAx2HkCNR7WRCmF3QiOqhRzBIIE
|
|
0O40A8q91zh6j2bseuIMGUQNEeRSf46fUUqtucgV/KAgpQMHL0/tTfhS5GaRcBlm
|
|
vry+9Yzfy2So5/SzC6eljdLzOuKHthgn8bBlNb8Z6atmcftr1Geeaw7lXhQqfIj7
|
|
qVWQZuU+idSPR3QqKHCpubso4ydyANxDeAuylkdHix9LZFH8oYeJZB48o1adkjVG
|
|
nrPuupH/Rm6P7oC8E5x1lMcaAt3DFUaojycXFhGl6vnaejC6oMQqJ58KkHnNrLe+
|
|
ltwNCphH35rDGY6mS6a7xMHEfuFHS0bg1Tl5N+vspDg99lFBL92pwdHp8hsoS8Pl
|
|
jh4nzsNc0BUQOzDcxh8uHbyAbH8jC7rLs6DUxswSJEE+tDfsKtAu6dcMsbobETTQ
|
|
+OIQ0mi2uOQ0G/Fmflf6wPPnWJpWZI/ivHmK4Gmakp+ZSFCyROekO4a5K7J5KbWM
|
|
dmv9qFbm0LacQpT/XrS+m1TKNLd1udiJpXULmmWisQTxyorjw84WAvOlaVt1ilSQ
|
|
vSYSc1dOvdZO8G0PWa0EoDOIXDohAFeHy+tfBQ/gxSWj2SyC8wpFibchjT9FrMwI
|
|
S5NRUmbjHLiIBcHQYhE+ICP238H7v4JaE2LRhljWESRb5eNlD6Ybf0h8WzEjLWmz
|
|
RJMNedHnUFV/S1eph3BXUMt+3EKYcAqs+xB80Bi/QgyRBrghlolQS55p3gOyZu8w
|
|
NCJ+qsHtFJIaZHDPgD7JOvG8E5Jy8NoFf6qsqROEkVZY3AP9XdK4vx/tn8bSIijX
|
|
oTZ04nzud1TKNBaow5/AoyTlPZvToN1IUPXHhpcpvDlz4IvTTL3Owb+//eHphwhS
|
|
tbkJyFg7PWQSpL8HcX4zFizmlqhq+hVlPrddlAmR45AL3U10J2TTHyNBo1Lvy9YS
|
|
jSe3Ux+gIk30oPRzoVNOXLnACt25LljZ28usuuXTiL2EXL/E7to0z5srOSFpwcZX
|
|
0hkokKKqYwjEvGVolfEB9wSxJ9SsapFj+GrEnKdjZacm4rxmzDGaHwKOm/Rbwg2b
|
|
XCl3LKFiyJPL0rssMvv6qgelkBzbRwjctXjEa8SIR6s1nOumP2QlYHT1Di66k0+E
|
|
zAYm0FNSo2OleRR6pbbXZJXbkUDU931JnON2OPvZ7UhHM2hWfAQq5Nl2KcaqKx/C
|
|
eiRV8o8qOuXyNnckWtv7btFj8Y+MLMIt+Ee6ZWeUWQKEFUoGInPUj8KAN8w8K3Z7
|
|
BX1JyIJD/qNV9mgKFjmhCI3m2xox5b+RO1NDsDz3S33hsPdBHJHWwBCZLquwq+mM
|
|
aSiWiFL8KCK6Fc478J6iUg7Jzd8z3TC02VhCc4p+xWTYEgQN8yUxV2rxSk9mwsWq
|
|
v/iOCp07NN9uhNbF4KIrIX010sUYIq8iI1QeiFtQgmooBUHvd3RQH5fLaa5hwozt
|
|
hmVfJ7Wl0aBpD516QC09QhQS0jqnFRr433dVRI6zFNdxw3joZPUp4MKBlJ7g0CJV
|
|
Iv0fKNJwfT7Vmmwu2M3T5O0NzNx6VkGYXei5+NaJvUwXNwUzmdBUieXyP1bHMhr9
|
|
cobRX9pYWflHCH4n0PshBo/quh98Omy7MVcSQtP4S2kQ4uYtZV8pZj1L5K9DekK0
|
|
Fx113Ns6T2LzzdARMN7S3qsiRveFRrz+Xm0Rtrl//KB5
|
|
-----END ENCRYPTED PRIVATE KEY-----
|
|
`)
|
|
var password = "12345678901234567890123456789012"
|