Add TLS client config in request action

Author: bukka

.mockery.yaml

@@ -11,6 +11,7 @@ packages:
       HttpClient: {}
       VegetaAttacker: {}
       VegetaMetrics: {}
+      X509CertPool: {}
   github.com/wstool/wst/conf:
     config:
       dir: mocks/generated/conf

TODO.md

@@ -49,9 +49,6 @@ in the future.
 
 #### Structure - Instances, Actions, Servers, Services
 
-- add https verification options for request and bench
-  - it should allow extending cert store with a selected cert
-  - it should also allow disabling the verification
 - http/2 requests
   - add http_version field to the request action
   - update the client to allow using http/2
@@ -77,6 +74,9 @@ in the future.
 - support metrics server expectation
 - custom server actions for parallel and not action
   - this is mainly for completeness with sequential and might be also useful in some cases
+- support TLS config in bench action
+  - this will likely require using custom transport
+- extend TLS config for request and bench to support client cert
 - integrate better instance action identification
   - it should introduce name for each action and also pass parent name to nested actions in `parallel` or `not`
 - add execute action custom environment variables support

app/foundation.go

@@ -16,11 +16,13 @@ package app
 
 import (
 	"context"
+	"net/http"
+	"os"
+	"os/user"
+
 	"github.com/google/uuid"
 	"github.com/spf13/afero"
 	"go.uber.org/zap"
-	"os"
-	"os/user"
 )
 
 type Foundation interface {
@@ -35,7 +37,8 @@ type Foundation interface {
 	UserHomeDir() (string, error)
 	LookupEnvVar(key string) (string, bool)
 	ExecCommand(ctx context.Context, name string, args []string) Command
-	HttpClient() HttpClient
+	HttpClient(tr *http.Transport) HttpClient
+	X509CertPool() X509CertPool
 	VegetaAttacker() VegetaAttacker
 	VegetaMetrics() VegetaMetrics
 	GenerateUuid() string
@@ -112,11 +115,15 @@ func (f *DefaultFoundation) ExecCommand(ctx context.Context, name string, args [
 	return NewExecCommand(ctx, name, args)
 }
 
-func (f *DefaultFoundation) HttpClient() HttpClient {
+func (f *DefaultFoundation) HttpClient(tr *http.Transport) HttpClient {
 	if f.dryRun {
 		return NewDryRunHttpClient()
 	}
-	return NewRealHttpClient()
+	return NewRealHttpClient(tr)
+}
+
+func (f *DefaultFoundation) X509CertPool() X509CertPool {
+	return NewX509CertPool()
 }
 
 func (f *DefaultFoundation) VegetaMetrics() VegetaMetrics {

app/http.go

@@ -47,8 +47,10 @@ func (c *RealHttpClient) Do(req *http.Request) (*http.Response, error) {
 	return c.client.Do(req)
 }
 
-func NewRealHttpClient() HttpClient {
+func NewRealHttpClient(tr *http.Transport) HttpClient {
 	return &RealHttpClient{
-		client: &http.Client{},
+		client: &http.Client{
+			Transport: tr,
+		},
 	}
 }

app/x509.go

@@ -0,0 +1,26 @@
+package app
+
+import "crypto/x509"
+
+type X509CertPool interface {
+	AppendCertFromPEM(pem string) bool
+	CertPool() *x509.CertPool
+}
+
+type x509CertPoolImpl struct {
+	x509CertPool *x509.CertPool
+}
+
+func (x x509CertPoolImpl) CertPool() *x509.CertPool {
+	return x.x509CertPool
+}
+
+func (x x509CertPoolImpl) AppendCertFromPEM(pem string) bool {
+	return x.x509CertPool.AppendCertsFromPEM([]byte(pem))
+}
+
+func NewX509CertPool() X509CertPool {
+	return &x509CertPoolImpl{
+		x509CertPool: x509.NewCertPool(),
+	}
+}

conf/types/action.go

@@ -108,17 +108,23 @@ type ExecuteAction struct {
 	Env            map[string]string `wst:"env"`
 }
 
+type TLSClientConfig struct {
+	SkipVerify bool   `wst:"skip_verify,default=false"`
+	CACert     string `wst:"ca_certificate"`
+}
+
 type RequestAction struct {
-	Service    string  `wst:"service"`
-	Timeout    int     `wst:"timeout"`
-	When       string  `wst:"when,enum=always|on_success|on_failure,default=on_success"`
-	OnFailure  string  `wst:"on_failure,enum=fail|ignore|skip,default=fail"`
-	Id         string  `wst:"id,default=last"`
-	Scheme     string  `wst:"scheme,enum=http|https,default=http"`
-	Path       string  `wst:"path"`
-	EncodePath bool    `wst:"encode_path,default=true"`
-	Method     string  `wst:"method,enum=GET|HEAD|DELETE|POST|PUT|PATCH|PURGE,default=GET"`
-	Headers    Headers `wst:"headers"`
+	Service    string          `wst:"service"`
+	Timeout    int             `wst:"timeout"`
+	When       string          `wst:"when,enum=always|on_success|on_failure,default=on_success"`
+	OnFailure  string          `wst:"on_failure,enum=fail|ignore|skip,default=fail"`
+	Id         string          `wst:"id,default=last"`
+	Scheme     string          `wst:"scheme,enum=http|https,default=http"`
+	Path       string          `wst:"path"`
+	EncodePath bool            `wst:"encode_path,default=true"`
+	Method     string          `wst:"method,enum=GET|HEAD|DELETE|POST|PUT|PATCH|PURGE,default=GET"`
+	Headers    Headers         `wst:"headers"`
+	TLS        TLSClientConfig `wst:"tls"`
 }
 
 type BenchAction struct {