fix: cannot start with tls

Author: LinuxSuRen

.gitignore

@@ -21,4 +21,11 @@ console/atest-desktop/atest.exe
 console/atest-desktop/coverage
 atest-store-git
 .db
-.marscode/
+.marscode/
+e2e/test.pem
+e2e/test.csr
+e2e/test.key
+e2e/server.srl
+e2e/server.key
+e2e/server.csr
+e2e/server.crt

cmd/server.go

@@ -109,8 +109,8 @@ func createServerCmd(execer fakeruntime.Execer, httpServer server.HTTPServer) (c
 
 	// gc related flags
 	flags.IntVarP(&opt.gcPercent, "gc-percent", "", 100, "The GC percent of Go")
-	//grpc_tls
-	flags.BoolVarP(&opt.tls, "tls-grpc", "", false, "Enable TLS mode. Set to true to enable TLS. Alow SAN certificates")
+
+	flags.BoolVarP(&opt.tls, "tls", "", false, "Enable TLS mode. Set to true to enable TLS. Alow SAN certificates")
 	flags.StringVarP(&opt.tlsCert, "cert-file", "", "", "The path to the certificate file, Alow SAN certificates")
 	flags.StringVarP(&opt.tlsKey, "key-file", "", "", "The path to the key file, Alow SAN certificates")
 
@@ -124,8 +124,12 @@ type serverOption struct {
 	httpServer server.HTTPServer
 	execer     fakeruntime.Execer
 
-	port              int
-	httpPort          int
+	port     int
+	httpPort int
+	tls      bool
+	tlsCert  string
+	tlsKey   string
+
 	printProto        bool
 	localStorage      []string
 	consolePath       string
@@ -148,17 +152,12 @@ type serverOption struct {
 	mockConfig []string
 	mockPrefix string
 
-	gcPercent int
-
-	dryRun bool
-
+	gcPercent          int
+	dryRun             bool
 	grpcMaxRecvMsgSize int
 
 	// inner fields, not as command flags
 	provider oauth.OAuthProvider
-	tls      bool
-	tlsCert  string
-	tlsKey   string
 }
 
 func (o *serverOption) preRunE(cmd *cobra.Command, args []string) (err error) {
@@ -190,15 +189,20 @@ func (o *serverOption) preRunE(cmd *cobra.Command, args []string) (err error) {
 
 		grpcOpts = append(grpcOpts, atestoauth.NewAuthInterceptor(o.oauthGroup))
 	}
+
 	if o.tls {
 		if o.tlsCert != "" && o.tlsKey != "" {
 			creds, err := credentials.NewServerTLSFromFile(o.tlsCert, o.tlsKey)
 			if err != nil {
 				return fmt.Errorf("failed to load credentials: %v", err)
 			}
 			grpcOpts = append(grpcOpts, grpc.Creds(creds))
+		} else {
+			err = fmt.Errorf("both --cert-file and --key-file flags are required when --tls is enabled")
+			return
 		}
 	}
+
 	if o.dryRun {
 		o.gRPCServer = &fakeGRPCServer{}
 	} else {
@@ -278,7 +282,7 @@ func (o *serverOption) runE(cmd *cobra.Command, args []string) (err error) {
 		mockWriter = mock.NewInMemoryReader("")
 	}
 
-	dynamicMockServer := mock.NewInMemoryServer(cmd.Context(), 0)
+	dynamicMockServer := mock.NewInMemoryServer(cmd.Context(), 0).WithTLS(o.tlsCert, o.tlsKey)
 	mockServerController := server.NewMockServerController(mockWriter, dynamicMockServer, o.httpPort)
 
 	clean := make(chan os.Signal, 1)
@@ -330,15 +334,18 @@ func (o *serverOption) runE(cmd *cobra.Command, args []string) (err error) {
 	gRPCServerAddr := fmt.Sprintf("127.0.0.1:%s", gRPCServerPort)
 
 	if o.tls {
-		creds, err := credentials.NewClientTLSFromFile(o.tlsCert, "localhost")
+		var creds credentials.TransportCredentials
+		creds, err = credentials.NewClientTLSFromFile(o.tlsCert, "127.0.0.1")
 		if err != nil {
 			return fmt.Errorf("failed to load credentials: %v", err)
 		}
+
+		opts := []grpc.DialOption{grpc.WithTransportCredentials(creds)}
 		err = errors.Join(
-			server.RegisterRunnerHandlerFromEndpoint(ctx, mux, gRPCServerAddr, []grpc.DialOption{grpc.WithTransportCredentials(creds)}),
-			server.RegisterMockHandlerFromEndpoint(ctx, mux, gRPCServerAddr, []grpc.DialOption{grpc.WithTransportCredentials(creds)}),
-			server.RegisterThemeExtensionHandlerFromEndpoint(ctx, mux, gRPCServerAddr, []grpc.DialOption{grpc.WithTransportCredentials(creds)}),
-			server.RegisterDataServerHandlerFromEndpoint(ctx, mux, gRPCServerAddr, []grpc.DialOption{grpc.WithTransportCredentials(creds)}))
+			server.RegisterRunnerHandlerFromEndpoint(ctx, mux, gRPCServerAddr, opts),
+			server.RegisterMockHandlerFromEndpoint(ctx, mux, gRPCServerAddr, opts),
+			server.RegisterThemeExtensionHandlerFromEndpoint(ctx, mux, gRPCServerAddr, opts),
+			server.RegisterDataServerHandlerFromEndpoint(ctx, mux, gRPCServerAddr, opts))
 	} else {
 		dialOption := []grpc.DialOption{grpc.WithTransportCredentials(insecure.NewCredentials()),
 			grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(math.MaxInt))}

console/atest-ui/src/views/net.ts

@@ -13,7 +13,6 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-import { ca } from 'element-plus/es/locales.mjs';
 import { Cache } from './cache'
 
 /**

e2e/entrypoint.sh

@@ -5,33 +5,15 @@ SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
 mkdir -p /root/.config/atest
 mkdir -p /var/data
 
-# Generate private key
-openssl genrsa -out server.key 2048
-# Generate self-signed certificate
-openssl req -new -x509 -key server.key -out server.crt -days 36500 \
-    -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"
-# Generate Certificate Signing Request (CSR)
-openssl req -new -key server.key -out server.csr \
-    -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"
-# Generate a new private key
-openssl genpkey -algorithm RSA -out test.key
-# Generate a new CSR
-openssl req -new -nodes -key test.key -out test.csr -days 3650 \
-    -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" \
-    -config "openssl.cnf" -extensions v3_req
-# Sign the new CSR with the self-signed certificate
-openssl x509 -req -days 365 -in test.csr \
-    -out test.pem -CA server.crt -CAkey server.key \
-    -CAcreateserial -extfile "openssl.cnf" -extensions v3_req
-
 echo "start to download extenions"
 atest extension --output /usr/local/bin --registry ghcr.io git
 atest extension --output /usr/local/bin --registry ghcr.io orm
 atest extension --output /usr/local/bin --registry ghcr.io etcd
 atest extension --output /usr/local/bin --registry ghcr.io mongodb
 
 echo "start to run server"
-nohup atest server --tls-grpc --cert-file test.pem --key-file test.key&
+./generate-tls.sh
+nohup atest server --tls --cert-file test.pem --key-file test.key&
 cmd="atest run -p test-suite-common.yaml --request-ignore-error"
 
 echo "start to run testing: $cmd"

e2e/generate-tls.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+set -e
+
+# Generate private key
+openssl genrsa -out server.key 2048
+# Generate self-signed certificate
+openssl req -new -x509 -key server.key -out server.crt -days 36500 \
+    -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=atest" \
+# Generate Certificate Signing Request (CSR)
+openssl req -new -key server.key -out server.csr \
+    -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=atest" \
+# Generate a new private key
+openssl genpkey -algorithm RSA -out test.key
+# Generate a new CSR
+openssl req -new -nodes -key test.key -out test.csr -days 3650 \
+    -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=atest" \
+    -config "openssl.cnf" -extensions v3_req
+# Sign the new CSR with the self-signed certificate
+openssl x509 -req -days 365 -in test.csr \
+    -out test.pem -CA server.crt -CAkey server.key \
+    -CAcreateserial -extfile "openssl.cnf" -extensions v3_req

e2e/openssl.cnf

@@ -397,3 +397,4 @@ system_default = system_default_sect
 CipherString = DEFAULT:@SECLEVEL=2
 [ alt_names ]
 DNS.1 = localhost
+IP.1 = 127.0.0.1

pkg/mock/in_memory.go

@@ -47,16 +47,17 @@ var (
 )
 
 type inMemoryServer struct {
-	data       map[string][]map[string]interface{}
-	mux        *mux.Router
-	listener   net.Listener
-	port       int
-	prefix     string
-	wg         sync.WaitGroup
-	ctx        context.Context
-	cancelFunc context.CancelFunc
-	reader     Reader
-	metrics    RequestMetrics
+	data              map[string][]map[string]interface{}
+	mux               *mux.Router
+	listener          net.Listener
+	certFile, keyFile string
+	port              int
+	prefix            string
+	wg                sync.WaitGroup
+	ctx               context.Context
+	cancelFunc        context.CancelFunc
+	reader            Reader
+	metrics           RequestMetrics
 }
 
 func NewInMemoryServer(ctx context.Context, port int) DynamicServer {
@@ -82,6 +83,12 @@ func (s *inMemoryServer) SetupHandler(reader Reader, prefix string) (handler htt
 	return
 }
 
+func (s *inMemoryServer) WithTLS(certFile, keyFile string) DynamicServer {
+	s.certFile = certFile
+	s.keyFile = keyFile
+	return s
+}
+
 func (s *inMemoryServer) Load() (err error) {
 	var server *Server
 	if server, err = s.reader.Parse(); err != nil {
@@ -129,9 +136,7 @@ func (s *inMemoryServer) httpProxy(proxy *Proxy) {
 			proxy.Target += "/"
 		}
 		targetPath := strings.TrimPrefix(req.URL.Path, s.prefix)
-		if strings.HasPrefix(targetPath, "/") {
-			targetPath = strings.TrimPrefix(targetPath, "/")
-		}
+		targetPath = strings.TrimPrefix(targetPath, "/")
 
 		apiRaw := fmt.Sprintf("%s%s", proxy.Target, targetPath)
 		api, err := render.Render("proxy api", apiRaw, s)
@@ -238,7 +243,14 @@ func (s *inMemoryServer) Start(reader Reader, prefix string) (err error) {
 	if handler, err = s.SetupHandler(reader, prefix); err == nil {
 		if s.listener, err = net.Listen("tcp", fmt.Sprintf(":%d", s.port)); err == nil {
 			go func() {
-				err = http.Serve(s.listener, handler)
+				if s.certFile != "" && s.keyFile != "" {
+					if err = http.ServeTLS(s.listener, handler, s.certFile, s.keyFile); err != nil {
+						memLogger.Error(err, "failed to start TLS mock server")
+					}
+				} else {
+					memLogger.Info("start HTTP mock server")
+					err = http.Serve(s.listener, handler)
+				}
 			}()
 		}
 	}

pkg/mock/server.go

@@ -26,6 +26,7 @@ type Loadable interface {
 type DynamicServer interface {
 	Start(reader Reader, prefix string) error
 	SetupHandler(reader Reader, prefix string) (http.Handler, error)
+	WithTLS(certFile, keyFile string) DynamicServer
 	Stop() error
 	GetPort() string
 	EnableMetrics()

tools/make/run.mk

@@ -15,6 +15,12 @@ run-backend:
 	go run . server --local-storage 'bin/*.yaml' --console-path ${ATEST_UI}/dist \
 		--extension-registry ghcr.io --download-timeout 10m
 
+run-tls-backend:
+	go run . server --local-storage 'bin/*.yaml' --console-path ${ATEST_UI}/dist \
+		--extension-registry ghcr.io --download-timeout 10m \
+		--tls --cert-file e2e/test.pem \
+		--key-file e2e/test.key
+
 .PHONY: run-console
 run-console: ## Run the API Testing console
 run-console: