feat: Add support for enabling insecure TLS to the PactBrokerLoader.

pact-foundation · Apr 13, 2022 · c3ea569 · c3ea569
1 parent 8a97a23
commit c3ea569
Show file tree

Hide file tree

Showing 3 changed files with 101 additions and 4 deletions.
diff --git a/.../junit/src/test/groovy/au/com/dius/pact/provider/junit/loader/PactBrokerLoaderSpec.groovy b/.../junit/src/test/groovy/au/com/dius/pact/provider/junit/loader/PactBrokerLoaderSpec.groovy
@@ -8,6 +8,8 @@ import au.com.dius.pact.core.pactbroker.IPactBrokerClient
 import au.com.dius.pact.core.pactbroker.InvalidHalResponse
 import au.com.dius.pact.core.pactbroker.InvalidNavigationRequest
 import au.com.dius.pact.core.pactbroker.PactBrokerResult
+import au.com.dius.pact.core.support.expressions.DataType
+import au.com.dius.pact.core.support.expressions.ExpressionParser
 import au.com.dius.pact.core.support.expressions.SystemPropertyResolver
 import au.com.dius.pact.core.support.expressions.ValueResolver
 import au.com.dius.pact.provider.junitsupport.loader.VersionSelector
@@ -45,6 +47,7 @@ class PactBrokerLoaderSpec extends Specification {
   private Pact mockPact
   private PactReader mockReader
   private ValueResolver valueResolver
+  private String enableInsecureTls
 
   void setup() {
     host = 'pactbroker'
@@ -65,11 +68,13 @@ class PactBrokerLoaderSpec extends Specification {
       loadPact(_) >> mockPact
     }
     valueResolver = null
+    enableInsecureTls = ''
 
     pactBrokerLoader = { boolean failIfNoPactsFound = true ->
       IPactBrokerClient client = brokerClient
       def loader = new PactBrokerLoader(host, port, protocol, tags, consumerVersionSelectors, consumers,
-        failIfNoPactsFound, null, null, valueResolver, enablePendingPacts, providerTags, includeWipPactsSince, url) {
+        failIfNoPactsFound, null, null, valueResolver, enablePendingPacts, providerTags, includeWipPactsSince, url,
+              enableInsecureTls) {
         @Override
         IPactBrokerClient newPactBrokerClient(URI url, ValueResolver resolver) {
           client
@@ -1261,6 +1266,84 @@ class PactBrokerLoaderSpec extends Specification {
     thrown(InvalidNavigationRequest)
   }
 
+  void 'Does not enable insecure TLS when not set in PactBroker annotation and not using the fallback system property'() {
+    given:
+    pactBrokerLoader = {
+      new PactBrokerLoader(FullPactBrokerAnnotation.getAnnotation(PactBroker)) {
+        @Override
+        IPactBrokerClient newPactBrokerClient(URI url, ValueResolver resolver) {
+          assert !ExpressionParser.parseExpression(enableInsecureTls, DataType.BOOLEAN, resolver) as Boolean
+          brokerClient
+        }
+      }
+    }
+
+    when:
+    def result = pactBrokerLoader().load('test')
+
+    then:
+    result == []
+    1 * brokerClient.fetchConsumersWithSelectors('test', _, _, _, _) >> new Ok([])
+  }
+
+  void 'Enables insecure TLS from explicit PactBroker annotation setting'() {
+    given:
+    pactBrokerLoader = {
+      new PactBrokerLoader(EnableInsecureTlsPactBrokerAnnotation.getAnnotation(PactBroker)) {
+        @Override
+        IPactBrokerClient newPactBrokerClient(URI url, ValueResolver resolver) {
+          assert ExpressionParser.parseExpression(enableInsecureTls, DataType.BOOLEAN, resolver) as Boolean
+          brokerClient
+        }
+      }
+    }
+
+    when:
+    def result = pactBrokerLoader().load('test')
+
+    then:
+    result == []
+    1 * brokerClient.fetchConsumersWithSelectors('test', _, _, _, _) >> new Ok([])
+  }
+
+  @RestoreSystemProperties
+  void 'Enables insecure TLS using fallback PactBroker annotation system property'() {
+    given:
+    System.setProperty('pactbroker.host', 'my.pactbroker.host')
+    System.setProperty('pactbroker.port', '4711')
+    System.setProperty('pactbroker.enableInsecureTls', 'true')
+    pactBrokerLoader = {
+      new PactBrokerLoader(MinimalPactBrokerAnnotation.getAnnotation(PactBroker)) {
+        @Override
+        IPactBrokerClient newPactBrokerClient(URI url, ValueResolver resolver) {
+          assert ExpressionParser.parseExpression(enableInsecureTls, DataType.BOOLEAN, resolver) as Boolean
+          brokerClient
+        }
+      }
+    }
+
+    when:
+    def result = pactBrokerLoader().load('test')
+
+    then:
+    result == []
+    1 * brokerClient.fetchConsumersWithSelectors('test', _, _, _, _) >> new Ok([])
+  }
+
+  def 'Uses the insecure TlS setting when creating the PactBrokerClient'() {
+    given:
+    pactBrokerLoader = {
+      new PactBrokerLoader(EnableInsecureTlsPactBrokerAnnotation.getAnnotation(PactBroker))
+    }
+
+    when:
+    def pactBrokerClient = pactBrokerLoader()
+            .newPactBrokerClient(new URI('http://localhost'), new SystemPropertyResolver())
+
+    then:
+    pactBrokerClient.config.insecureTLS == true
+  }
+
   private static VersionSelector createVersionSelector(Map args = [:]) {
     new VersionSelector() {
       @Override
@@ -1350,4 +1433,9 @@ class PactBrokerLoaderSpec extends Specification {
 
   }
 
+  @PactBroker(host = 'pactbroker.host', port = '1000', enableInsecureTls = 'true')
+  static class EnableInsecureTlsPactBrokerAnnotation {
+
+  }
+
 }
diff --git a/provider/src/main/java/au/com/dius/pact/provider/junitsupport/loader/PactBroker.java b/provider/src/main/java/au/com/dius/pact/provider/junitsupport/loader/PactBroker.java
@@ -101,4 +101,10 @@ PactBrokerAuth authentication() default @PactBrokerAuth(username = "${pactbroker
    * included.
    */
   String includeWipPactsSince() default "${pactbroker.includeWipPactsSince:}";
+
+  /**
+   * Enabling insecure TLS by setting this to true will disable hostname validation and trust all certificates. Use with caution.
+   * This can be set with the pactbroker.enableInsecureTls JVM system property.
+   */
+  String enableInsecureTls() default "${pactbroker.enableInsecureTls:false}";
 }
diff --git a/provider/src/main/kotlin/au/com/dius/pact/provider/junitsupport/loader/PactBrokerLoader.kt b/provider/src/main/kotlin/au/com/dius/pact/provider/junitsupport/loader/PactBrokerLoader.kt
@@ -56,7 +56,8 @@ open class PactBrokerLoader(
   val enablePendingPacts: String = "false",
   val providerTags: List<String> = emptyList(),
   val includeWipPactsSince: String = "",
-  val pactBrokerUrl: String? = null
+  val pactBrokerUrl: String? = null,
+  val enableInsecureTls: String = "false"
 ) : OverrideablePactLoader {
 
   private var resolver: ValueResolver? = valueResolver
@@ -79,7 +80,8 @@ open class PactBrokerLoader(
     pactBroker.enablePendingPacts,
     pactBroker.providerTags.toList(),
     pactBroker.includeWipPactsSince,
-    pactBroker.url
+    pactBroker.url,
+    pactBroker.enableInsecureTls
   )
 
   override fun description(): String {
@@ -294,7 +296,8 @@ open class PactBrokerLoader(
 
   open fun newPactBrokerClient(url: URI, resolver: ValueResolver): IPactBrokerClient {
     var options = mapOf<String, Any>()
-    val config = PactBrokerClientConfig()
+    val insecureTls = parseExpression(enableInsecureTls, DataType.BOOLEAN, resolver) as Boolean
+    val config = PactBrokerClientConfig(insecureTLS = insecureTls)
 
     if (authentication == null) {
       logger.debug { "Authentication: None" }