feat: Add support for enabling insecure TLS to the PactBrokerLoader.
Colin Anderson committed Apr 7, 2022
1 parent 1e270c5 commit abee6c3
Showing 4 changed files with 99 additions and 3 deletions.
1 change: 1 addition & 0 deletions docs/system-properties.md
Expand Up @@ -36,6 +36,7 @@ Theses are all the system properties used by Pact-JVM
| pactbroker.auth.username | Verification (JUnit, JUnit 5) | string value | n | y | n | Username to use when fetching pacts to verify. |
| pactbroker.auth.password | Verification (JUnit, JUnit 5) | string value | n | y | n | Password to use when fetching pacts to verify. |
| pactbroker.auth.token | Verification (JUnit, JUnit 5) | string value | n | y | n | Bearer token to use when fetching pacts to verify. |
| pactbroker.enableInsecureTls | Verification (JUnit, JUnit 5) | true, false | n | y | n | Enabling insecure TLS by setting this to true will disable hostname validation and trust all certificates. Use with caution. |
| pactbroker.enablePending | Verification (JUnit, JUnit 5) | true, false | n | y | n | If the pending pacts feature should be enabled when fetching pacts to verify. When this is set to true, the provider tags property also needs to be set (pactbroker.providerTags). |
| pactbroker.providerTags | Verification (JUnit, JUnit 5) | tag names | y | y | n | Provider Tags to use to evaluate pending pacts when fetching pacts to verify. |
| pactbroker.includeWipPactsSince | Verification (JUnit, JUnit 5) | ISO date (YYYY-MM-DD) | n | y | n | The earliest date WIP pacts should be included (ex: YYYY-MM-DD). If no date is provided, WIP pacts will not be included. |
Expand Up @@ -8,6 +8,7 @@ import au.com.dius.pact.core.pactbroker.IPactBrokerClient
import au.com.dius.pact.core.pactbroker.InvalidHalResponse
import au.com.dius.pact.core.pactbroker.InvalidNavigationRequest
import au.com.dius.pact.core.pactbroker.PactBrokerResult
import au.com.dius.pact.core.support.expressions.DataType
import au.com.dius.pact.core.support.expressions.ExpressionParser
import au.com.dius.pact.core.support.expressions.SystemPropertyResolver
import au.com.dius.pact.core.support.expressions.ValueResolver
Expand Down Expand Up @@ -46,6 +47,7 @@ class PactBrokerLoaderSpec extends Specification {
private Pact mockPact
private PactReader mockReader
private ValueResolver valueResolver
private String enableInsecureTls
private ExpressionParser expressionParser

void setup() {
Expand All @@ -67,13 +69,14 @@ class PactBrokerLoaderSpec extends Specification {
loadPact(_) >> mockPact
}
valueResolver = null
enableInsecureTls = ''
expressionParser = new ExpressionParser()

pactBrokerLoader = { boolean failIfNoPactsFound = true ->
IPactBrokerClient client = brokerClient
def loader = new PactBrokerLoader(host, port, protocol, tags, consumerVersionSelectors, consumers,
failIfNoPactsFound, null, null, valueResolver, enablePendingPacts, providerTags, includeWipPactsSince, url,
expressionParser) {
enableInsecureTls, expressionParser) {
@Override
IPactBrokerClient newPactBrokerClient(URI url, ValueResolver resolver) {
client
Expand Down Expand Up @@ -1355,6 +1358,84 @@ class PactBrokerLoaderSpec extends Specification {
thrown(InvalidNavigationRequest)
}

void 'Does not enable insecure TLS when not set in PactBroker annotation and not using the fallback system property'() {
given:
pactBrokerLoader = {
new PactBrokerLoader(FullPactBrokerAnnotation.getAnnotation(PactBroker)) {
@Override
IPactBrokerClient newPactBrokerClient(URI url, ValueResolver resolver) {
assert !expressionParser.parseExpression(enableInsecureTls, DataType.BOOLEAN, resolver) as Boolean
brokerClient
}
}
}

when:
def result = pactBrokerLoader().load('test')

then:
result == []
1 * brokerClient.fetchConsumersWithSelectors('test', _, _, _, _) >> new Ok([])
}

void 'Enables insecure TLS from explicit PactBroker annotation setting'() {
given:
pactBrokerLoader = {
new PactBrokerLoader(EnableInsecureTlsPactBrokerAnnotation.getAnnotation(PactBroker)) {
@Override
IPactBrokerClient newPactBrokerClient(URI url, ValueResolver resolver) {
assert expressionParser.parseExpression(enableInsecureTls, DataType.BOOLEAN, resolver) as Boolean
brokerClient
}
}
}

when:
def result = pactBrokerLoader().load('test')

then:
result == []
1 * brokerClient.fetchConsumersWithSelectors('test', _, _, _, _) >> new Ok([])
}

@RestoreSystemProperties
void 'Enables insecure TLS using fallback PactBroker annotation system property'() {
given:
System.setProperty('pactbroker.host', 'my.pactbroker.host')
System.setProperty('pactbroker.port', '4711')
System.setProperty('pactbroker.enableInsecureTls', 'true')
pactBrokerLoader = {
new PactBrokerLoader(MinimalPactBrokerAnnotation.getAnnotation(PactBroker)) {
@Override
IPactBrokerClient newPactBrokerClient(URI url, ValueResolver resolver) {
assert expressionParser.parseExpression(enableInsecureTls, DataType.BOOLEAN, resolver) as Boolean
brokerClient
}
}
}

when:
def result = pactBrokerLoader().load('test')

then:
result == []
1 * brokerClient.fetchConsumersWithSelectors('test', _, _, _, _) >> new Ok([])
}

def 'Uses the insecure TlS setting when creating the PactBrokerClient'() {
given:
pactBrokerLoader = {
new PactBrokerLoader(EnableInsecureTlsPactBrokerAnnotation.getAnnotation(PactBroker))
}

when:
def pactBrokerClient = pactBrokerLoader()
.newPactBrokerClient(new URI('http://localhost'), new SystemPropertyResolver())

then:
pactBrokerClient.config.insecureTLS == true
}

private static VersionSelector createVersionSelector(Map args = [:]) {
new VersionSelector() {
@Override
Expand Down Expand Up @@ -1444,4 +1525,9 @@ class PactBrokerLoaderSpec extends Specification {

}

@PactBroker(host = 'pactbroker.host', port = '1000', enableInsecureTls = 'true')
static class EnableInsecureTlsPactBrokerAnnotation {

}

}
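Review bot: The new cases cover `'true'`, the annotation default and the system-property fallback, but nothing pins what the loader does with a value that is neither `true` nor `false`, for example `enableInsecureTls = 'yes'` or an empty `pactbroker.enableInsecureTls`. For a switch that turns certificate validation off, I would add a case asserting that such a value either leaves `pactBrokerClient.config.insecureTLS == false` or fails with a clear error, so a later parser change cannot make it fail open. The first new test also relies on `pactbroker.enableInsecureTls` being absent from the build JVM; marking it `@RestoreSystemProperties` and calling `System.clearProperty('pactbroker.enableInsecureTls')` in `given:` would make that explicit. Small typo in the last test title: `TlS`.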
Expand Up @@ -101,4 +101,10 @@ PactBrokerAuth authentication() default @PactBrokerAuth(username = "${pactbroker
* included.
*/
String includeWipPactsSince() default "${pactbroker.includeWipPactsSince:}";

/**
* Enabling insecure TLS by setting this to true will disable hostname validation and trust all certificates. Use with caution.
* This can be set with the pactbroker.enableInsecureTls JVM system property.
*/
String enableInsecureTls() default "${pactbroker.enableInsecureTls:false}";
}
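Review bot: The Javadoc on `enableInsecureTls()` says "Use with caution" without saying what is at risk or when the system property takes effect. Because the default is `${pactbroker.enableInsecureTls:false}`, a `-Dpactbroker.enableInsecureTls=true` on the test JVM turns validation off for every `@PactBroker` that leaves the attribute unset. I would extend the comment with something like `Only applies when this attribute is not set explicitly. When enabled, the broker's identity is not verified, so any configured username, password or token may be sent to an impersonating host.` It would also help to point readers at adding the broker's CA to the JVM trust store as the preferred option outside local testing.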
Expand Up @@ -56,6 +56,7 @@ open class PactBrokerLoader(
val providerTags: List<String> = emptyList(),
val includeWipPactsSince: String = "",
val pactBrokerUrl: String? = null,
val enableInsecureTls: String = "false",
val ep: ExpressionParser = ExpressionParser()
) : OverrideablePactLoader {

Expand All @@ -79,7 +80,8 @@ open class PactBrokerLoader(
pactBroker.enablePendingPacts,
pactBroker.providerTags.toList(),
pactBroker.includeWipPactsSince,
pactBroker.url
pactBroker.url,
pactBroker.enableInsecureTls
)

override fun description(): String {
Expand Down Expand Up @@ -305,7 +307,8 @@ open class PactBrokerLoader(

open fun newPactBrokerClient(url: URI, resolver: ValueResolver): IPactBrokerClient {
var options = mapOf<String, Any>()
val config = PactBrokerClientConfig()
val insecureTls = ep.parseExpression(enableInsecureTls, DataType.BOOLEAN, resolver) as Boolean
val config = PactBrokerClientConfig(insecureTLS = insecureTls)

if (authentication == null) {
logger.debug { "Authentication: None" }
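Review bot: In `newPactBrokerClient`, certificate and hostname validation can now be switched off with nothing recorded where it happens, and the authentication handling that starts on the following lines applies to that same client. I would log at warn level right after the flag is resolved, e.g. `if (insecureTls) logger.warn { "Insecure TLS is enabled for the Pact Broker client: certificates and hostnames are not validated" }`, so the setting shows up in CI output when it arrives through the `pactbroker.enableInsecureTls` system property rather than the annotation. The `as Boolean` cast is also unchecked; if `parseExpression` can return null or a non-Boolean for a malformed value (not visible here), `as? Boolean ?: false` would keep validation on instead of failing with a cast error. The function body continues past the end of the hunk.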