Merge "Remove Stein CI jobs"
diff --git a/octavia_tempest_plugin/contrib/test_server/README.rst b/octavia_tempest_plugin/contrib/test_server/README.rst
index f6ec4bb..66a6030 100644
--- a/octavia_tempest_plugin/contrib/test_server/README.rst
+++ b/octavia_tempest_plugin/contrib/test_server/README.rst
@@ -44,20 +44,24 @@
Usage of ./test_server.bin:
-cert string
- Server side PEM format certificate.
+ Server side PEM format certificate file path.
-client_ca string
- Client side PEM format CA certificate.
+ Client auth PEM format CA certificate file path.
-https_port int
HTTPS port to listen on, -1 is disabled. (default -1)
+ -https_client_auth_port int
+ HTTPS with client authentication port to listen on, -1 is disabled.
+ (default -1)
-id string
Server ID (default "1")
-key string
- Server side PEM format key.
+ Server side PEM format key file path.
-port int
Port to listen on (default 8080)
If -https_port is not specified, the server will not accept HTTPS requests.
When --https_port is specified, -cert and -key are required parameters.
-If -https_port is specified, the -client_ca parameter is optional. When
--client_ca is specified, it will configure the HTTPS port to require a valid
-client certificate to connect.
+
+If -https_client_auth_port is specified, the -client_ca parameter is required.
+When -client_ca is specified, it will configure the HTTPS client auth port to
+require a valid client certificate to connect.
diff --git a/octavia_tempest_plugin/contrib/test_server/test_server.go b/octavia_tempest_plugin/contrib/test_server/test_server.go
index cb4089d..fa8f8d7 100644
--- a/octavia_tempest_plugin/contrib/test_server/test_server.go
+++ b/octavia_tempest_plugin/contrib/test_server/test_server.go
@@ -236,11 +236,14 @@
idPtr := flag.String("id", "1", "Server ID")
httpsPortPtr := flag.Int("https_port", -1,
"HTTPS port to listen on, -1 is disabled.")
+ httpsClientAuthPortPtr := flag.Int("https_client_auth_port", -1,
+ "HTTPS with client authentication port to listen on, -1 is disabled.")
serverCertPem := flag.String("cert", "",
- "Server side PEM format certificate.")
- serverKey := flag.String("key", "", "Server side PEM format key.")
+ "Server side PEM format certificate file path.")
+ serverKey := flag.String("key", "",
+ "Server side PEM format key file path.")
clientCaCertPem := flag.String("client_ca", "",
- "Client side PEM format CA certificate.")
+ "Client auth PEM format CA certificate file path.")
flag.Parse()
@@ -254,21 +257,27 @@
fmt.Println("Error load server certificate and key.")
os.Exit(1)
}
- certpool := x509.NewCertPool()
- if *clientCaCertPem != "" {
- caPem, err := ioutil.ReadFile(*clientCaCertPem)
- if err != nil {
- fmt.Println("Error load client side CA cert.")
- os.Exit(1)
- }
- if !certpool.AppendCertsFromPEM(caPem) {
- fmt.Println("Can't parse client side certificate authority")
- os.Exit(1)
- }
- } else {
- certpool = nil
+ go httpsServe(*httpsPortPtr, *idPtr, cert, nil,
+ *serverCertPem, *serverKey)
+ }
+
+ if *httpsClientAuthPortPtr > -1 {
+ cert, err := tls.LoadX509KeyPair(*serverCertPem, *serverKey)
+ if err != nil {
+ fmt.Println("Error load server certificate and key.\n")
+ os.Exit(1)
}
- go httpsServe(*httpsPortPtr, *idPtr, cert, certpool,
+ certpool := x509.NewCertPool()
+ caPem, err := ioutil.ReadFile(*clientCaCertPem)
+ if err != nil {
+ fmt.Println("Error loading client auth CA cert.\n")
+ os.Exit(1)
+ }
+ if !certpool.AppendCertsFromPEM(caPem) {
+ fmt.Println("Can't parse client auth certificate authority")
+ os.Exit(1)
+ }
+ go httpsServe(*httpsClientAuthPortPtr, *idPtr, cert, certpool,
*serverCertPem, *serverKey)
}