chore(ci) install penlight in test env

Kong · Jun 3, 2020 · 9a77506 · 9a77506
1 parent fab6089
commit 9a77506
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 6 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,6 +1,4 @@
 
-sudo: required
-
 language: c
 
 compiler: gcc
@@ -51,6 +49,7 @@ install:
   - export PATH=$OPENRESTY_PREFIX/nginx/sbin:$LUAROCKS_PREFIX/bin:$PATH
   - sudo luarocks install luacheck > build.log 2>&1 || (cat build.log && exit 1)
   - sudo luarocks install lua-resty-worker-events > build.log 2>&1 || (cat build.log && exit 1)
+  - sudo luarocks install penlight > build.log 2>&1 || (cat build.log && exit 1)
   - luarocks --version
   - nginx -V
 

diff --git a/lib/resty/healthcheck.lua b/lib/resty/healthcheck.lua
@@ -829,7 +829,7 @@ function checker:run_single_check(ip, port, hostname, hostheader)
   end
 
   if self.checks.active.type == "https" then
-    local session
+    local session, err
     if self.ssl_cert and self.ssl_key then
       session, err = sock:tlshandshake({
         verify = self.checks.active.https_verify_certificate,
@@ -845,6 +845,7 @@ function checker:run_single_check(ip, port, hostname, hostheader)
       self:log(ERR, "failed SSL handshake with '", hostname, " (", ip, ":", port, ")': ", err)
       return self:report_tcp_failure(ip, port, hostname, "connect", "active")
     end
+
   end
 
   local path = self.checks.active.http_path
@@ -1283,6 +1284,8 @@ end
 -- * `name`: name of the health checker
 -- * `shm_name`: the name of the `lua_shared_dict` specified in the Nginx configuration to use
 -- * `checks.active.type`: "http", "https" or "tcp" (default is "http")
+-- * `ssl_cert`: certificate for mTLS connections (string or parsed object)
+-- * `ssl_key`: key for mTLS connections (string or parsed object)
 -- * `checks.active.timeout`: socket timeout for active checks (in seconds)
 -- * `checks.active.concurrency`: number of targets to check concurrently
 -- * `checks.active.http_path`: path to use in `GET` HTTP request to run on active checks
@@ -1350,8 +1353,18 @@ function _M.new(opts)
 
   -- load certificate and key
   if opts.ssl_cert and opts.ssl_key then
-    self.ssl_cert = assert(ssl.parse_pem_cert(opts.ssl_cert))
-    self.ssl_key = assert(ssl.parse_pem_priv_key(opts.ssl_key))
+    if type(opts.ssl_cert) == "cdata" then
+      self.ssl_cert = opts.ssl_cert
+    else
+      self.ssl_cert = assert(ssl.parse_pem_cert(opts.ssl_cert))
+    end
+
+    if type(opts.ssl_key) == "cdata" then
+      self.ssl_key = opts.ssl_key
+    else
+      self.ssl_key = assert(ssl.parse_pem_priv_key(opts.ssl_key))
+    end
+
   end
 
   -- other properties

diff --git a/t/17-mtls.t b/t/17-mtls.t
@@ -3,7 +3,7 @@ use Cwd qw(cwd);
 
 workers(1);
 
-plan tests => repeat_each() * 2;
+plan tests => repeat_each() * 4;
 
 my $pwd = cwd();
 
@@ -70,3 +70,59 @@ qq{
 GET /t
 --- response_body
 true
+
+
+=== TEST 2: configure a MTLS probe with parsed cert/key
+--- http_config eval
+qq{
+    $::HttpConfig
+}
+--- config
+    location = /t {
+        content_by_lua_block {
+            local we = require "resty.worker.events"
+            assert(we.configure{ shm = "my_worker_events", interval = 0.1 })
+
+            local pl_file = require "pl.file"
+            local ssl = require "ngx.ssl"
+            local cert = ssl.parse_pem_cert(pl_file.read("t/util/cert.pem", true))
+            local key = ssl.parse_pem_priv_key(pl_file.read("t/util/key.pem", true))
+
+            local healthcheck = require("resty.healthcheck")
+            local checker = healthcheck.new({
+                name = "testing_mtls",
+                shm_name = "test_shm",
+                type = "http",
+                ssl_cert = cert,
+                ssl_key = key,
+                checks = {
+                    active = {
+                        http_path = "/status",
+                        healthy  = {
+                            interval = 999, -- we don't want active checks
+                            successes = 3,
+                        },
+                        unhealthy  = {
+                            interval = 999, -- we don't want active checks
+                            tcp_failures = 3,
+                            http_failures = 3,
+                        }
+                    },
+                    passive = {
+                        healthy  = {
+                            successes = 3,
+                        },
+                        unhealthy  = {
+                            tcp_failures = 3,
+                            http_failures = 3,
+                        }
+                    }
+                }
+            })
+            ngx.say(checker ~= nil)  -- true
+        }
+    }
+--- request
+GET /t
+--- response_body
+true