proxy: Respect insecure_skip_verify for health check (#1558)

* Respect the 'insecure_skip_verify' for the health check. * WIP: Trying to add a test. Non functional. * Fixing tests. * Creating better error messages. * Optimize two more error messages. * Move the tests into an extra function.

proxy: Respect insecure_skip_verify for health check (#1558)
* Respect the 'insecure_skip_verify' for the health check. * WIP: Trying to add a test. Non functional. * Fixing tests. * Creating better error messages. * Optimize two more error messages. * Move the tests into an extra function.
c0ce2b1d · Peer Beckmann · Matt Holt · 59bf71c2 · c0ce2b1d · c0ce2b1d
Commit c0ce2b1d authored Apr 03, 2017 by Peer Beckmann Committed by Matt Holt Apr 03, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 42 additions and 1 deletion

caddyhttp/proxy/upstream.go caddyhttp/proxy/upstream.go +5 -0

caddyhttp/proxy/upstream_test.go caddyhttp/proxy/upstream_test.go +37 -1

No files found.
--- a/caddyhttp/proxy/upstream.go
+++ b/caddyhttp/proxy/upstream.go
@@ -13,6 +13,8 @@ import (
 	"sync/atomic"
 	"time"

+	"crypto/tls"
+
 	"github.com/mholt/caddy/caddyfile"
 	"github.com/mholt/caddy/caddyhttp/httpserver"
 )
@@ -112,6 +114,9 @@ func NewStaticUpstreams(c caddyfile.Dispenser) ([]Upstream, error) {
 		if upstream.HealthCheck.Path != "" {
 			upstream.HealthCheck.Client = http.Client{
 				Timeout: upstream.HealthCheck.Timeout,
+				Transport: &http.Transport{
+					TLSClientConfig: &tls.Config{InsecureSkipVerify: upstream.insecureSkipVerify},
+				},
 			}
 			upstream.wg.Add(1)
 			go func() {

--- a/caddyhttp/proxy/upstream_test.go
+++ b/caddyhttp/proxy/upstream_test.go
@@ -279,7 +279,7 @@ func TestParseBlock(t *testing.T) {
 	for i, test := range tests {
 		upstreams, err := NewStaticUpstreams(caddyfile.NewDispenser("Testfile", strings.NewReader(test.config)))
 		if err != nil {
-			t.Error("Expected no error. Got:", err.Error())
+			t.Errorf("Expected no error. Got: %s", err.Error())
 		}
 		for _, upstream := range upstreams {
 			headers := upstream.Select(r).UpstreamHeaders
@@ -298,3 +298,39 @@ func TestParseBlock(t *testing.T) {
 		}
 	}
 }
+
+func TestHealthSetUp(t *testing.T) {
+	// tests for insecure skip verify
+	isv_tests := []struct {
+		config string
+		flag   bool
+	}{
+		// Test #1: without flag
+		{"proxy / localhost:8080 {\n health_check / \n}", false},
+
+		// Test #2: with flag
+		{"proxy / localhost:8080 {\n health_check / \n insecure_skip_verify \n}", true},
+	}
+
+	for i, test := range isv_tests {
+		upstreams, err := NewStaticUpstreams(caddyfile.NewDispenser("Testfile", strings.NewReader(test.config)))
+		if err != nil {
+			t.Errorf("Expected no error. Got: %s", err.Error())
+		}
+		for _, upstream := range upstreams {
+			staticUpstream, ok := upstream.(*staticUpstream)
+			if !ok {
+				t.Errorf("type mismatch: %#v", upstream)
+				continue
+			}
+			transport, ok := staticUpstream.HealthCheck.Client.Transport.(*http.Transport)
+			if !ok {
+				t.Errorf("type mismatch: %#v", staticUpstream.HealthCheck.Client.Transport)
+				continue
+			}
+			if test.flag != transport.TLSClientConfig.InsecureSkipVerify {
+				t.Errorf("test %d: expected transport.TLSClientCnfig.InsecureSkipVerify=%v, got %v", i, test.flag, transport.TLSClientConfig.InsecureSkipVerify)
+			}
+		}
+	}
+}