func (s *httpSuite) TestValidatingClientGetter(c *gc.C) {
client := utils.GetValidatingHTTPClient()
_, err := client.Get(s.Server.URL)
c.Assert(err, gc.ErrorMatches, "(.|\n)*x509: certificate signed by unknown authority")
client1 := utils.GetValidatingHTTPClient()
c.Assert(client1, gc.Not(gc.Equals), client)
}
func checkFileHasContents(c *gc.C, stor storage.StorageReader, name string, contents []byte, attempt utils.AttemptStrategy) {
r, err := storage.GetWithRetry(stor, name, attempt)
c.Assert(err, gc.IsNil)
c.Check(r, gc.NotNil)
defer r.Close()
data, err := ioutil.ReadAll(r)
c.Check(err, gc.IsNil)
c.Check(data, gc.DeepEquals, contents)
url, err := stor.URL(name)
c.Assert(err, gc.IsNil)
var resp *http.Response
for a := attempt.Start(); a.Next(); {
resp, err = utils.GetValidatingHTTPClient().Get(url)
c.Assert(err, gc.IsNil)
if resp.StatusCode != 404 {
break
}
c.Logf("get retrying after earlier get succeeded. *sigh*.")
}
c.Assert(err, gc.IsNil)
data, err = ioutil.ReadAll(resp.Body)
c.Assert(err, gc.IsNil)
defer resp.Body.Close()
c.Assert(resp.StatusCode, gc.Equals, 200, gc.Commentf("error response: %s", data))
c.Check(data, gc.DeepEquals, contents)
}
// downloadToolsRaw downloads the supplied tools and returns the raw bytes.
func downloadToolsRaw(c *gc.C, t *coretools.Tools) []byte {
resp, err := utils.GetValidatingHTTPClient().Get(t.URL)
c.Assert(err, gc.IsNil)
defer resp.Body.Close()
c.Assert(resp.StatusCode, gc.Equals, http.StatusOK)
var buf bytes.Buffer
_, err = io.Copy(&buf, resp.Body)
c.Assert(err, gc.IsNil)
return buf.Bytes()
}
// downloadTools downloads the supplied tools and extracts them into a
// new directory.
func downloadTools(c *gc.C, t *coretools.Tools) string {
resp, err := utils.GetValidatingHTTPClient().Get(t.URL)
c.Assert(err, gc.IsNil)
defer resp.Body.Close()
cmd := exec.Command("tar", "xz")
cmd.Dir = c.MkDir()
cmd.Stdin = resp.Body
out, err := cmd.CombinedOutput()
c.Assert(err, gc.IsNil, gc.Commentf(string(out)))
return cmd.Dir
}
// NewHTTPClient returns an HTTP client initialized based on State.
func (s *State) NewHTTPClient() *http.Client {
httpclient := utils.GetValidatingHTTPClient()
tlsconfig := tls.Config{
RootCAs: s.certPool,
// We want to be specific here (rather than just using "anything".
// See commit 7fc118f015d8480dfad7831788e4b8c0432205e8 (PR 899).
ServerName: "juju-apiserver",
}
httpclient.Transport = utils.NewHttpTLSTransport(&tlsconfig)
return httpclient
}
// PrimeTools sets up the current version of the tools to vers and
// makes sure that they're available in the dataDir.
func PrimeTools(c *gc.C, stor storage.Storage, dataDir, toolsDir string, vers version.Binary) *coretools.Tools {
err := os.RemoveAll(filepath.Join(dataDir, "tools"))
c.Assert(err, jc.ErrorIsNil)
agentTools, err := uploadFakeToolsVersion(stor, toolsDir, vers)
c.Assert(err, jc.ErrorIsNil)
resp, err := utils.GetValidatingHTTPClient().Get(agentTools.URL)
c.Assert(err, jc.ErrorIsNil)
defer resp.Body.Close()
err = agenttools.UnpackTools(dataDir, agentTools, resp.Body)
c.Assert(err, jc.ErrorIsNil)
return agentTools
}
// copyOneToolsPackage copies one tool from the source to the target.
func copyOneToolsPackage(tool *coretools.Tools, dest storage.Storage) error {
toolsName := envtools.StorageName(tool.Version)
logger.Infof("copying %v", toolsName)
resp, err := utils.GetValidatingHTTPClient().Get(tool.URL)
if err != nil {
return err
}
buf := &bytes.Buffer{}
srcFile := resp.Body
defer srcFile.Close()
tool.SHA256, tool.Size, err = utils.ReadSHA256(io.TeeReader(srcFile, buf))
if err != nil {
return err
}
sizeInKB := (tool.Size + 512) / 1024
logger.Infof("downloaded %v (%dkB), uploading", toolsName, sizeInKB)
logger.Infof("download %dkB, uploading", sizeInKB)
return dest.Put(toolsName, buf, tool.Size)
}
// copyOneToolsPackage copies one tool from the source to the target.
func copyOneToolsPackage(tools *coretools.Tools, u ToolsUploader) error {
toolsName := envtools.StorageName(tools.Version)
logger.Infof("downloading %v (%v)", toolsName, tools.URL)
resp, err := utils.GetValidatingHTTPClient().Get(tools.URL)
if err != nil {
return err
}
defer resp.Body.Close()
// Verify SHA-256 hash.
var buf bytes.Buffer
sha256, size, err := utils.ReadSHA256(io.TeeReader(resp.Body, &buf))
if err != nil {
return err
}
if tools.SHA256 == "" {
logger.Warningf("no SHA-256 hash for %v", tools.SHA256)
} else if sha256 != tools.SHA256 {
return errors.Errorf("SHA-256 hash mismatch (%v/%v)", sha256, tools.SHA256)
}
sizeInKB := (size + 512) / 1024
logger.Infof("uploading %v (%dkB) to environment", toolsName, sizeInKB)
return u.UploadTools(tools, buf.Bytes())
}
func (s *httpSuite) TestValidatingClientGetter(c *gc.C) {
client1 := utils.GetValidatingHTTPClient()
client2 := utils.GetHTTPClient(utils.VerifySSLHostnames)
c.Check(client1, gc.Equals, client2)
}
func (s *dialSuite) TestSecureClientNoAccess(c *gc.C) {
s.PatchValue(&utils.OutgoingAccessAllowed, false)
_, err := utils.GetValidatingHTTPClient().Get("http://10.0.0.1:1234")
c.Assert(err, gc.ErrorMatches, `.*access to address "10.0.0.1:1234" not allowed`)
}
// Client returns a storage object that will talk to the
// storage server at the given network address (see Serve)
func Client(addr string) storage.Storage {
return &localStorage{
addr: addr,
client: utils.GetValidatingHTTPClient(),
}
}
func (s *httpDialSuite) TestSecureClientAllowAccess(c *gc.C) {
_, err := utils.GetValidatingHTTPClient().Get("http://0.1.2.3:1234")
c.Assert(err, gc.ErrorMatches, `Get http://0.1.2.3:1234: dial tcp 0.1.2.3:1234: connect: .*`)
}