...
When application is setup for TLS and auth.method = "basicAuth", healthcheck endpoint must be using 8443 (change submitted to override and support 8080 for healthcheck is not required nor valid) .
To change VES Collector flag to basic.auth and adopt healthhecks to use HTTPS, there is need to change VES blueprints. Steps:
...
must be send via HTTPS and has basicAuth user/pass in header.
Tests were done without adopting healthcecks. Healthchecks and rediness probe was tourn off to have VES Collector running.
| TC ID | Test Case Name | Test Case Description | Expected Result | Test Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| T01 | Client with correct basic auth and correct certificate | curl -vk --cert rootCA.crt --key rootCA.key --pass collector -u sample1:sample1 -X POST https://192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json" | PASS. HTTP/1.1 202 |
| ||||||
| T02 | Client with correct basic auth and incorrect certificate | curl -vk -u sample1:sample1 -X --cert incorrect_rootCA.crt --key rootCA.key --pass collector POST https://192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json" | PASS. HTTP/1.1 202 |
| ||||||
| T03 | Client with correct basic auth and without certificate | curl -vk -u sample1:sample1 -X POST https://192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json" | PASS. HTTP/1.1 202 |
| ||||||
| T04 | Client without basic auth and without certificate | curl -vk -X POST https://192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json" | FAIL, HTTP/1.1 401 |
| ||||||
| T05 | Client without basic auth and with correct certificate | curl -vk --cert rootCA.crt --key rootCA.key --pass collector -X POST https://192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json" | FAIL, HTTP/1.1 401 |
| ||||||
| T06 | Client with incorrect basic auth and with correct certificate | curl -vk --cert rootCA.crt --key rootCA.key --pass collector -u sample2:sample1 -X POS https://192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json" curl -vk --cert rootCA.crt --key rootCA.key --pass collector -u sample1:sample2 -X POS https://192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json" | FAIL, HTTP/1.1 401 |
| ||||||
| T07 | Client with incorrect basic auth and without certificate | curl -vk -u sample2:sample1 -X POS https://192.168.0.22:30417/eventListener/v7 -d @event.json --header "Content-Type: application/json" | FAIL , HTTP/1.1 401 |
|
High level test cases for auth.method = "certOnly" :
| TC ID | Test Case Name | Test Case Description | Expected Result | Test Status |
|---|---|---|---|---|
| T01 |
...
curl -vk --cert rootCA.crt --key rootCA.key --pass collector -u sample1:sample1-X POST https://192.168.0.22:30417/eventListener/v7 -d @event.json "Content-Type: application/json"
T02
T03
...
| Client with correct basic auth and correct certificate | PASS. HTTP/1.1 202 |
| ||||||||
| T02 | Client with incorrect basic auth and correct certificate | PASS. HTTP/1.1 202 |
| |||||||
| T03 | Client without basic auth and with correct certificate | PASS. HTTP/1.1 202 |
| |||||||
| T04 | Client without basic auth and without certificate | FAIL, HTTP/1.1 401 |
| |||||||
| T05 | Client with correct basic auth and without certificate | FAIL, HTTP/1.1 401 |
| |||||||
| T06 | Client with correct basic auth and with incorrect certificate | FAIL, HTTP/1.1 401 |
| |||||||
| T07 | Client with without basic auth and with incorrect certificate | FAIL , HTTP/1.1 401 |
|