chore(test): removing redundant mtls tests (hypermodeinc#6961)

* chore(test): removing redundant mtls tests * changing systest to work with mtls * fixing certificates
Renz7 · Nov 24, 2020 · 344e1e3 · 344e1e3
1 parent bc7b261
commit 344e1e3
Show file tree

Hide file tree

Showing 55 changed files with 268 additions and 3,361 deletions.
diff --git a/systest/backup/encryption/backup_test.go b/systest/backup/encryption/backup_test.go
@@ -22,25 +22,21 @@ import (
 	"fmt"
 	"io/ioutil"
 	"math"
-	"net/http"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
 	"time"
 
-	"github.com/dgraph-io/dgo/v200"
 	"github.com/dgraph-io/dgo/v200/protos/api"
-	minio "github.com/minio/minio-go/v6"
-	"github.com/spf13/pflag"
-	"github.com/spf13/viper"
-	"github.com/stretchr/testify/require"
-	"google.golang.org/grpc"
-
 	"github.com/dgraph-io/dgraph/ee/enc"
 	"github.com/dgraph-io/dgraph/testutil"
 	"github.com/dgraph-io/dgraph/worker"
 	"github.com/dgraph-io/dgraph/x"
+	minio "github.com/minio/minio-go/v6"
+	"github.com/spf13/pflag"
+	"github.com/spf13/viper"
+	"github.com/stretchr/testify/require"
 )
 
 var (
@@ -59,10 +55,12 @@ func TestBackupMinioE(t *testing.T) {
 	addr := testutil.ContainerAddr("minio", 9001)
 	localBackupDst = "minio://" + addr + "/dgraph-backup?secure=false"
 
-	conn, err := grpc.Dial(testutil.SockAddr, grpc.WithInsecure())
+	conf := viper.GetViper()
+	conf.Set("tls-cacert", "../../../tlstest/mtls_internal/tls/live/ca.crt")
+	conf.Set("tls-internal-port-enabled", true)
+	conf.Set("tls-server-name", "alpha1")
+	dg, err := testutil.DgraphClientWithCerts(testutil.SockAddr, conf)
 	require.NoError(t, err)
-	dg := dgo.NewDgraphClient(api.NewDgraphClient(conn))
-
 	mc, err = testutil.NewMinioClient()
 	require.NoError(t, err)
 	require.NoError(t, mc.MakeBucket(bucketName, ""))
@@ -90,8 +88,9 @@ func TestBackupMinioE(t *testing.T) {
 	require.NoError(t, err)
 	t.Logf("--- Original uid mapping: %+v\n", original.Uids)
 
+	client := testutil.GetHttpsClient(t)
 	// Move tablet to group 1 to avoid messes later.
-	_, err = http.Get("http://" + testutil.SockAddrZeroHttp + "/moveTablet?tablet=movie&group=1")
+	_, err = client.Get("https://" + testutil.SockAddrZeroHttp + "/moveTablet?tablet=movie&group=1")
 	require.NoError(t, err)
 
 	// After the move, we need to pause a bit to give zero a chance to quorum.
@@ -263,7 +262,7 @@ func runBackupInternal(t *testing.T, forceFull bool, numExpectedFiles,
 		}
 	}`
 
-	adminUrl := "http://" + testutil.SockAddrHttp + "/admin"
+	adminUrl := "https://" + testutil.SockAddrHttp + "/admin"
 	params := testutil.GraphQLParams{
 		Query: backupRequest,
 		Variables: map[string]interface{}{
@@ -273,8 +272,8 @@ func runBackupInternal(t *testing.T, forceFull bool, numExpectedFiles,
 	}
 	b, err := json.Marshal(params)
 	require.NoError(t, err)
-
-	resp, err := http.Post(adminUrl, "application/json", bytes.NewBuffer(b))
+	client := testutil.GetHttpsClient(t)
+	resp, err := client.Post(adminUrl, "application/json", bytes.NewBuffer(b))
 	require.NoError(t, err)
 	buf, err := ioutil.ReadAll(resp.Body)
 	require.NoError(t, err)

diff --git a/systest/backup/encryption/docker-compose.yml b/systest/backup/encryption/docker-compose.yml
@@ -21,7 +21,13 @@ services:
       source: ../../../ee/enc/test-fixtures/enc-key
       target: /dgraph-enc/enc-key
       read_only: true
+    - type: bind
+      source: ../../../tlstest/mtls_internal/tls/alpha1
+      target: /dgraph-tls
+      read_only: true
     command: /gobin/dgraph alpha --my=alpha1:7080 --zero=zero1:5080 --logtostderr
+      --tls_cacert /dgraph-tls/ca.crt --tls_node_cert /dgraph-tls/node.crt --tls_node_key /dgraph-tls/node.key
+      --tls_internal_port_enabled=true --tls_cert /dgraph-tls/client.alpha1.crt --tls_key /dgraph-tls/client.alpha1.key
       -v=2 --whitelist=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 --encryption_key_file="/dgraph-enc/enc-key"
   alpha2:
     image: dgraph/dgraph:latest
@@ -42,7 +48,13 @@ services:
       source: ../../../ee/enc/test-fixtures/enc-key
       target: /dgraph-enc/enc-key
       read_only: true
+    - type: bind
+      source: ../../../tlstest/mtls_internal/tls/alpha2
+      target: /dgraph-tls
+      read_only: true
     command: /gobin/dgraph alpha --my=alpha2:7080 --zero=zero1:5080 --logtostderr
+      --tls_cacert /dgraph-tls/ca.crt --tls_node_cert /dgraph-tls/node.crt --tls_node_key /dgraph-tls/node.key
+      --tls_internal_port_enabled=true --tls_cert /dgraph-tls/client.alpha2.crt --tls_key /dgraph-tls/client.alpha2.key
       -v=2 --whitelist=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 --encryption_key_file="/dgraph-enc/enc-key"
   alpha3:
     image: dgraph/dgraph:latest
@@ -63,7 +75,13 @@ services:
       source: ../../../ee/enc/test-fixtures/enc-key
       target: /dgraph-enc/enc-key
       read_only: true
+    - type: bind
+      source: ../../../tlstest/mtls_internal/tls/alpha3
+      target: /dgraph-tls
+      read_only: true
     command: /gobin/dgraph alpha --my=alpha3:7080 --zero=zero1:5080 --logtostderr
+      --tls_cacert /dgraph-tls/ca.crt --tls_node_cert /dgraph-tls/node.crt --tls_node_key /dgraph-tls/node.key
+      --tls_internal_port_enabled=true --tls_cert /dgraph-tls/client.alpha3.crt --tls_key /dgraph-tls/client.alpha3.key
       -v=2 --whitelist=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 --encryption_key_file="/dgraph-enc/enc-key"
   zero1:
     image: dgraph/dgraph:latest
@@ -78,7 +96,13 @@ services:
       source: $GOPATH/bin
       target: /gobin
       read_only: true
+    - type: bind
+      source: ../../../tlstest/mtls_internal/tls/zero1
+      target: /dgraph-tls
+      read_only: true
     command: /gobin/dgraph zero --idx=1 --my=zero1:5080 --replicas=1 --logtostderr
+      --tls_cacert /dgraph-tls/ca.crt --tls_node_cert /dgraph-tls/node.crt --tls_node_key /dgraph-tls/node.key
+      --tls_internal_port_enabled=true --tls_cert /dgraph-tls/client.zero1.crt --tls_key /dgraph-tls/client.zero1.key
       -v=2 --bindall
   minio:
     image: minio/minio:latest

diff --git a/systest/backup/filesystem/backup_test.go b/systest/backup/filesystem/backup_test.go
@@ -22,13 +22,14 @@ import (
 	"fmt"
 	"io/ioutil"
 	"math"
-	"net/http"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
 	"time"
 
+	"google.golang.org/grpc/credentials"
+
 	"github.com/dgraph-io/dgo/v200"
 	"github.com/dgraph-io/dgo/v200/protos/api"
 	"github.com/stretchr/testify/require"
@@ -54,7 +55,7 @@ var (
 )
 
 func TestBackupFilesystem(t *testing.T) {
-	conn, err := grpc.Dial(testutil.SockAddr, grpc.WithInsecure())
+	conn, err := grpc.Dial(testutil.SockAddr, grpc.WithTransportCredentials(credentials.NewTLS(testutil.GetAlphaClientConfig(t))))
 	require.NoError(t, err)
 	dg := dgo.NewDgraphClient(api.NewDgraphClient(conn))
 
@@ -94,7 +95,8 @@ func TestBackupFilesystem(t *testing.T) {
 	t.Logf("--- Original uid mapping: %+v\n", original.Uids)
 
 	// Move tablet to group 1 to avoid messes later.
-	_, err = http.Get("http://" + testutil.SockAddrZeroHttp + "/moveTablet?tablet=movie&group=1")
+	client := testutil.GetHttpsClient(t)
+	_, err = client.Get("https://" + testutil.SockAddrZeroHttp + "/moveTablet?tablet=movie&group=1")
 	require.NoError(t, err)
 
 	// After the move, we need to pause a bit to give zero a chance to quorum.
@@ -308,7 +310,7 @@ func runBackupInternal(t *testing.T, forceFull bool, numExpectedFiles,
 			}
 		}`
 
-	adminUrl := "http://" + testutil.SockAddrHttp + "/admin"
+	adminUrl := "https://" + testutil.SockAddrHttp + "/admin"
 	params := testutil.GraphQLParams{
 		Query: backupRequest,
 		Variables: map[string]interface{}{
@@ -319,7 +321,8 @@ func runBackupInternal(t *testing.T, forceFull bool, numExpectedFiles,
 	b, err := json.Marshal(params)
 	require.NoError(t, err)
 
-	resp, err := http.Post(adminUrl, "application/json", bytes.NewBuffer(b))
+	client := testutil.GetHttpsClient(t)
+	resp, err := client.Post(adminUrl, "application/json", bytes.NewBuffer(b))
 	require.NoError(t, err)
 	defer resp.Body.Close()
 	buf, err := ioutil.ReadAll(resp.Body)

diff --git a/systest/backup/filesystem/docker-compose.yml b/systest/backup/filesystem/docker-compose.yml
@@ -19,7 +19,13 @@ services:
       source: ./data/backups
       target: /data/backups/
       read_only: false
+    - type: bind
+      source: ../../../tlstest/mtls_internal/tls/alpha1
+      target: /dgraph-tls
+      read_only: true
     command: /gobin/dgraph alpha --my=alpha1:7080 --zero=zero1:5080 --logtostderr
+      --tls_cacert /dgraph-tls/ca.crt --tls_node_cert /dgraph-tls/node.crt --tls_node_key /dgraph-tls/node.key
+      --tls_internal_port_enabled=true --tls_cert /dgraph-tls/client.alpha1.crt --tls_key /dgraph-tls/client.alpha1.key
       -v=2 --whitelist=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
   alpha2:
     image: dgraph/dgraph:latest
@@ -38,7 +44,13 @@ services:
       source: ./data/backups
       target: /data/backups/
       read_only: false
+    - type: bind
+      source: ../../../tlstest/mtls_internal/tls/alpha2
+      target: /dgraph-tls
+      read_only: true
     command: /gobin/dgraph alpha --my=alpha2:7080 --zero=zero1:5080 --logtostderr
+      --tls_cacert /dgraph-tls/ca.crt --tls_node_cert /dgraph-tls/node.crt --tls_node_key /dgraph-tls/node.key
+      --tls_internal_port_enabled=true --tls_cert /dgraph-tls/client.alpha2.crt --tls_key /dgraph-tls/client.alpha2.key
       -v=2 --whitelist=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
   alpha3:
     image: dgraph/dgraph:latest
@@ -57,7 +69,13 @@ services:
       source: ./data/backups
       target: /data/backups/
       read_only: false
+    - type: bind
+      source: ../../../tlstest/mtls_internal/tls/alpha3
+      target: /dgraph-tls
+      read_only: true
     command: /gobin/dgraph alpha --my=alpha3:7080 --zero=zero1:5080 --logtostderr
+      --tls_cacert /dgraph-tls/ca.crt --tls_node_cert /dgraph-tls/node.crt --tls_node_key /dgraph-tls/node.key
+      --tls_internal_port_enabled=true --tls_cert /dgraph-tls/client.alpha3.crt --tls_key /dgraph-tls/client.alpha3.key
       -v=2 --whitelist=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
   zero1:
     image: dgraph/dgraph:latest
@@ -76,6 +94,12 @@ services:
       source: ./data/backups
       target: /data/backups/
       read_only: false
+    - type: bind
+      source: ../../../tlstest/mtls_internal/tls/zero1
+      target: /dgraph-tls
+      read_only: true
     command: /gobin/dgraph zero --idx=1 --my=zero1:5080 --replicas=1 --logtostderr
+      --tls_cacert /dgraph-tls/ca.crt --tls_node_cert /dgraph-tls/node.crt --tls_node_key /dgraph-tls/node.key
+      --tls_internal_port_enabled=true --tls_cert /dgraph-tls/client.zero1.crt --tls_key /dgraph-tls/client.zero1.key
       -v=2 --bindall
 volumes: {}
diff --git a/systest/backup/minio-large/backup_test.go b/systest/backup/minio-large/backup_test.go
@@ -20,13 +20,14 @@ import (
 	"fmt"
 	"io/ioutil"
 	"math"
-	"net/http"
 	"net/url"
 	"os"
 	"strings"
 	"testing"
 	"time"
 
+	"google.golang.org/grpc/credentials"
+
 	"github.com/dgraph-io/dgo/v200"
 	"github.com/dgraph-io/dgo/v200/protos/api"
 	minio "github.com/minio/minio-go/v6"
@@ -54,7 +55,7 @@ var (
 // Test to add a large database and verify backup and restore work as expected.
 func TestBackupMinioLarge(t *testing.T) {
 	// backupDestination = "minio://" + testutil.DockerPrefix + "_minio_1:9001/dgraph-backup?secure=false"
-	conn, err := grpc.Dial(testutil.SockAddr, grpc.WithInsecure())
+	conn, err := grpc.Dial(testutil.SockAddr, grpc.WithTransportCredentials(credentials.NewTLS(testutil.GetAlphaClientConfig(t))))
 	require.NoError(t, err)
 	dg := dgo.NewDgraphClient(api.NewDgraphClient(conn))
 	ctx := context.Background()
@@ -94,13 +95,14 @@ func setupTablets(t *testing.T, dg *dgo.Dgraph) {
 		Schema: `name1: string .
 				 name2: string .
 				 name3: string .`}))
-	_, err := http.Get("http://" + testutil.SockAddrZeroHttp + "/moveTablet?tablet=name1&group=1")
+	client := testutil.GetHttpsClient(t)
+	_, err := client.Get("https://" + testutil.SockAddrZeroHttp + "/moveTablet?tablet=name1&group=1")
 	require.NoError(t, err)
 	time.Sleep(time.Second)
-	_, err = http.Get("http://" + testutil.SockAddrZeroHttp + "/moveTablet?tablet=name2&group=2")
+	_, err = client.Get("https://" + testutil.SockAddrZeroHttp + "/moveTablet?tablet=name2&group=2")
 	require.NoError(t, err)
 	time.Sleep(time.Second)
-	_, err = http.Get("http://" + testutil.SockAddrZeroHttp + "/moveTablet?tablet=name3&group=3")
+	_, err = client.Get("https://" + testutil.SockAddrZeroHttp + "/moveTablet?tablet=name3&group=3")
 	require.NoError(t, err)
 
 	// After the move, we need to pause a bit to give zero a chance to quorum.
@@ -143,7 +145,8 @@ func addTriples(t *testing.T, dg *dgo.Dgraph, numTriples int) {
 func runBackup(t *testing.T) {
 	// Using the old /admin/backup endpoint to ensure it works. Change back to using
 	// the GraphQL endpoint at /admin once this endpoint is deprecated.
-	resp, err := http.PostForm("http://"+testutil.SockAddrHttp+"/admin/backup", url.Values{
+	client := testutil.GetHttpsClient(t)
+	resp, err := client.PostForm("https://"+testutil.SockAddrHttp+"/admin/backup", url.Values{
 		"destination": []string{backupDestination},
 	})
 	require.NoError(t, err)

diff --git a/systest/backup/minio-large/docker-compose.yml b/systest/backup/minio-large/docker-compose.yml
@@ -17,7 +17,13 @@ services:
       source: $GOPATH/bin
       target: /gobin
       read_only: true
+    - type: bind
+      source: ../../../tlstest/mtls_internal/tls/alpha1
+      target: /dgraph-tls
+      read_only: true
     command: /gobin/dgraph alpha --my=alpha1:7080 --zero=zero1:5080 --logtostderr
+      --tls_cacert /dgraph-tls/ca.crt --tls_node_cert /dgraph-tls/node.crt --tls_node_key /dgraph-tls/node.key
+      --tls_internal_port_enabled=true --tls_cert /dgraph-tls/client.alpha1.crt --tls_key /dgraph-tls/client.alpha1.key
       -v=2 --whitelist=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
   alpha2:
     image: dgraph/dgraph:latest
@@ -34,7 +40,13 @@ services:
       source: $GOPATH/bin
       target: /gobin
       read_only: true
+    - type: bind
+      source: ../../../tlstest/mtls_internal/tls/alpha2
+      target: /dgraph-tls
+      read_only: true
     command: /gobin/dgraph alpha --my=alpha2:7080 --zero=zero1:5080 --logtostderr
+      --tls_cacert /dgraph-tls/ca.crt --tls_node_cert /dgraph-tls/node.crt --tls_node_key /dgraph-tls/node.key
+      --tls_internal_port_enabled=true --tls_cert /dgraph-tls/client.alpha2.crt --tls_key /dgraph-tls/client.alpha3.key
       -v=2 --whitelist=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
   alpha3:
     image: dgraph/dgraph:latest
@@ -51,7 +63,13 @@ services:
       source: $GOPATH/bin
       target: /gobin
       read_only: true
+    - type: bind
+      source: ../../../tlstest/mtls_internal/tls/alpha3
+      target: /dgraph-tls
+      read_only: true
     command: /gobin/dgraph alpha --my=alpha3:7080 --zero=zero1:5080 --logtostderr
+      --tls_cacert /dgraph-tls/ca.crt --tls_node_cert /dgraph-tls/node.crt --tls_node_key /dgraph-tls/node.key
+      --tls_internal_port_enabled=true --tls_cert /dgraph-tls/client.alpha3.crt --tls_key /dgraph-tls/client.alpha3.key
       -v=2 --whitelist=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
   minio:
     image: minio/minio:RELEASE.2020-11-13T20-10-18Z
@@ -73,6 +91,12 @@ services:
       source: $GOPATH/bin
       target: /gobin
       read_only: true
+    - type: bind
+      source: ../../../tlstest/mtls_internal/tls/zero1
+      target: /dgraph-tls
+      read_only: true
     command: /gobin/dgraph zero --idx=1 --my=zero1:5080 --replicas=1 --logtostderr
+      --tls_cacert /dgraph-tls/ca.crt --tls_node_cert /dgraph-tls/node.crt --tls_node_key /dgraph-tls/node.key
+      --tls_internal_port_enabled=true --tls_cert /dgraph-tls/client.zero1.crt --tls_key /dgraph-tls/client.zero1.key
       -v=2 --bindall
 volumes: {}