[GitHub] ningyougang commented on a change in pull request #2427: Support client certificate on cli and nginx

[git]

ningyougang commented on a change in pull request #2427: Support client 
certificate on cli and nginx
URL: 
https://github.com/apache/incubator-openwhisk/pull/2427#discussion_r128407575
 
 

 ##########
 File path: tests/src/test/scala/whisk/core/cli/test/WskBasicUsageTests.scala
 ##########
 @@ -112,6 +112,41 @@ class WskBasicUsageTests
         }
     }
 
+    // If client certificate verification is off, should ingore run below 
tests.
+    if 
(!WhiskProperties.getProperty("whisk.ssl.client.verification").equals("off")){
+        it should "set valid cert key to get expected success result for 
client certificate verification" in {
+            val tmpwskprops = File.createTempFile("wskprops", ".tmp")
+            try {
+                val namespace = 
wsk.namespace.list().stdout.trim.split("\n").last
+                val env = Map("WSK_CONFIG_FILE" -> 
tmpwskprops.getAbsolutePath())
+                // Send request to https://<apihost>/api/v1/namespaces, wsk 
client passes client certificate to nginx, nginx will
+                // verify it by client ca's openwhisk-client-ca-cert.pem
+                val stdout = wsk.cli(Seq("property", "set", "-i", "--apihost", 
wskprops.apihost, "--auth", wskprops.authKey,
+                    "--cert", wskprops.cert, "--key", wskprops.key, 
"--namespace", namespace), env = env).stdout
+                stdout should include(s"ok: client cert set")
+                stdout should include(s"ok: client key set")
+                stdout should include(s"ok: whisk auth set")
+                stdout should include(s"ok: whisk API host set to 
${wskprops.apihost}")
+                stdout should include(s"ok: whisk namespace set to 
${namespace}")
+            } finally {
+                tmpwskprops.delete()
+            }
+        }
+
+        it should "set invalid cert key to get expected exception result for 
client certificate verification" in {
+            val tmpwskprops = File.createTempFile("wskprops", ".tmp")
+            try {
+                val namespace = 
wsk.namespace.list().stdout.trim.split("\n").last
 
 Review comment:
   * This test case just verify the unvalid certificate(a not exist 
certificate), it will throws exception, so it is necessay
   * i think we can use it for `wsk namespace list`, actully, except `wsk 
namespace list`, `wsk action list` and others can also use `--cert/--key`, but 
for test case, `wsk namespace list` using `--cert/--key` is enough
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services