Fix #635: Support specifying alternative provider TLS trust source(s) (#645)

* Fix #635: Support specifying alternative provider TLS trust source(s) * Update pkg/apis/options/options.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/validation/options.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Address review comments * upd CHANGELOG.md * refactor test to assert textual subjects + add openssl gen cmd Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2025-08-08 22:46:33 +02:00 · 2020-07-03 16:09:17 +01:00
parent 390d479d28
commit b0375e85fa
7 changed files with 163 additions and 18 deletions
--- a/pkg/validation/options_test.go
+++ b/pkg/validation/options_test.go
@ -366,3 +366,16 @@ func TestRealClientIPHeader(t *testing.T) {
 	assert.Equal(t, expected, err.Error())
 	assert.Nil(t, o.GetRealClientIPParser())
 }
+
+func TestProviderCAFilesError(t *testing.T) {
+	file, err := ioutil.TempFile("", "absent.*.crt")
+	assert.NoError(t, err)
+	assert.NoError(t, file.Close())
+	assert.NoError(t, os.Remove(file.Name()))
+
+	o := testOptions()
+	o.ProviderCAFiles = append(o.ProviderCAFiles, file.Name())
+	err = Validate(o)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "unable to load provider CA file(s)")
+}