[GitHub] rabbah commented on a change in pull request #2427: Support client certificate on cli and nginx

Wed, 19 Jul 2017 05:12:08 -0700 

rabbah commented on a change in pull request #2427: Support client certificate 
on cli and nginx
URL: 
https://github.com/apache/incubator-openwhisk/pull/2427#discussion_r128227058
 
 

 ##########
 File path: tests/src/test/scala/whisk/core/cli/test/WskBasicUsageTests.scala
 ##########
 @@ -112,6 +112,41 @@ class WskBasicUsageTests
         }
     }
 
+    // If client certificate verification is off, should ingore run below 
tests.
+    if 
(!WhiskProperties.getProperty("whisk.ssl.client.verification").equals("off")){
+        it should "set valid cert key to get expected success result for 
client certificate verification" in {
+            val tmpwskprops = File.createTempFile("wskprops", ".tmp")
+            try {
+                val namespace = 
wsk.namespace.list().stdout.trim.split("\n").last
+                val env = Map("WSK_CONFIG_FILE" -> 
tmpwskprops.getAbsolutePath())
+                // Send request to https://<apihost>/api/v1/namespaces, wsk 
client passes client certificate to nginx, nginx will
+                // verify it by client ca's openwhisk-client-ca-cert.pem
+                val stdout = wsk.cli(Seq("property", "set", "-i", "--apihost", 
wskprops.apihost, "--auth", wskprops.authKey,
+                    "--cert", wskprops.cert, "--key", wskprops.key, 
"--namespace", namespace), env = env).stdout
+                stdout should include(s"ok: client cert set")
+                stdout should include(s"ok: client key set")
+                stdout should include(s"ok: whisk auth set")
+                stdout should include(s"ok: whisk API host set to 
${wskprops.apihost}")
+                stdout should include(s"ok: whisk namespace set to 
${namespace}")
+            } finally {
+                tmpwskprops.delete()
+            }
+        }
+
+        it should "set invalid cert key to get expected exception result for 
client certificate verification" in {
+            val tmpwskprops = File.createTempFile("wskprops", ".tmp")
+            try {
+                val namespace = 
wsk.namespace.list().stdout.trim.split("\n").last
 
 Review comment:
   This should be Whois. Also seems unnecessary to do all this to validate the 
cert. can't you use it with wsk namespace list in the first place?
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to