logWriter.Ignore("client didn't provide a certificate") _, err := spec.HttpPut(url, tarballPath, spec.CertFor("directorWithWrongCA")) Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("bad certificate")) Expect(spec.FileExists(path.Join(tmpDir, "install.log"))).To(BeFalse()) }) Context("when the client cert's distinguished name is not permitted", func() { BeforeEach(func() { allowedNames = []string{"o=bosh.not-director"} }) It("rejects the request", func() { logWriter.Capture("Unauthorized") resp, err := spec.HttpPut(url, tarballPath, directorCert) Expect(err).ToNot(HaveOccurred()) Expect(resp.StatusCode).To(Equal(http.StatusUnauthorized)) Expect(spec.FileExists(path.Join(tmpDir, "install.log"))).To(BeFalse()) Expect(logWriter.Captured()).To(ContainSubstring("ERROR - Unauthorized access: Subject")) }) }) }) Describe("PUT /self-update", func() { var url string BeforeEach(func() { url = fmt.Sprintf("https://localhost:%d/self-update", port) }) JustBeforeEach(func() { l.ListenAndServe(logger, port) })