Cutlery/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2026-05-26 16:52:40 -04:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity
Files
8ab3020f62a36edbd2ddebb7c3bb8653e5dffeb8
caddy/modules/caddytls/tls_wildcard_test.go
T
Rijul 0fab9f0f7d
Tests / test (s390x on IBM Z) (push) Has been skipped
Details
Tests / goreleaser-check (push) Has been skipped
Details
Cross-Build / build (~1.26.0, 1.26, aix) (push) Successful in 1m24s
Details
Tests / test (./cmd/caddy/caddy, ~1.26.0, ubuntu-latest, 0, 1.26, linux) (push) Failing after 1m39s
Details
Cross-Build / build (~1.26.0, 1.26, freebsd) (push) Successful in 1m48s
Details
Cross-Build / build (~1.26.0, 1.26, dragonfly) (push) Successful in 2m32s
Details
Cross-Build / build (~1.26.0, 1.26, illumos) (push) Successful in 1m24s
Details
Cross-Build / build (~1.26.0, 1.26, darwin) (push) Successful in 3m26s
Details
Cross-Build / build (~1.26.0, 1.26, linux) (push) Successful in 2m10s
Details
Cross-Build / build (~1.26.0, 1.26, netbsd) (push) Successful in 1m58s
Details
Cross-Build / build (~1.26.0, 1.26, solaris) (push) Successful in 1m23s
Details
Lint / dependency-review (push) Failing after 24s
Details
OpenSSF Scorecard supply-chain security / Scorecard analysis (push) Failing after 27s
Details
Lint / govulncheck (push) Successful in 1m20s
Details
Lint / lint (ubuntu-latest, linux) (push) Successful in 1m44s
Details
Cross-Build / build (~1.26.0, 1.26, openbsd) (push) Successful in 3m21s
Details
Cross-Build / build (~1.26.0, 1.26, windows) (push) Successful in 2m41s
Details
Tests / test (./cmd/caddy/caddy, ~1.26.0, macos-14, 0, 1.26, mac) (push) Has been cancelled
Details
Tests / test (./cmd/caddy/caddy.exe, ~1.26.0, windows-latest, True, 1.26, windows) (push) Has been cancelled
Details
Lint / lint (macos-14, mac) (push) Has been cancelled
Details
Lint / lint (windows-latest, windows) (push) Has been cancelled
Details
caddytls: avoid duplicate automation for wildcard-covered hosts (#7697) 
* caddytls: Fix wildcard race in auto-HTTPS launch

When evaluating whether to skip managing an individual subdomain
due to an existing wildcard configuration, we now explicitly consult
the automate loader.

Because Caddy apps can start in any order, relying strictly on the
TLS app's internal management state was non-deterministic if the
HTTP app started first. Checking the automate loader guarantees
predictable behavior since it is fully populated during the
Provision phase, well before any apps are started.

* respond to review comments

1. update requested comment
2. remove personal domain from test
3. add regression test

* remove unnecessary mutex lock

* refactor: -integration test, +explicit cases

* refactor: remove redundant test, add comment

* rename file and add header

* update copyright year
2026-05-11 00:08:40 +10:00

97 lines
2.4 KiB
Go
Raw Blame History

// Copyright 2015 Matthew Holt and The Caddy Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package caddytls
import (
"encoding/json"
"testing"
"github.com/caddyserver/caddy/v2"
)
func TestAvoidDuplicateAutomation(t *testing.T) {
tests := []struct {
name string
automateNames []string
expectedToManage bool
}{
{
name: "do not manage if wildcard is automated",
automateNames: []string{"*.example.com"},
expectedToManage: false,
},
{
name: "manage if no automation configured",
automateNames: []string{},
expectedToManage: true,
},
{
name: "manage if explicitly requested even when wildcard automated",
automateNames: []string{"*.example.com", "sub.example.com"},
expectedToManage: true,
},
}
for _, tc := range tests {
t.Run(tc.name, func(t *testing.T) {
automateJSON, err := json.Marshal(tc.automateNames)
if err != nil {
t.Fatal(err)
}
tlsApp := &TLS{
Automation: &AutomationConfig{
Policies: []*AutomationPolicy{
{
IssuersRaw: []json.RawMessage{
[]byte(`{"module": "internal"}`),
},
},
},
},
CertificatesRaw: map[string]json.RawMessage{
"automate": automateJSON,
},
}
var cfg caddy.Config
ctx, err := caddy.ProvisionContext(&cfg)
if err != nil {
t.Fatal(err)
}
if err := tlsApp.Provision(ctx); err != nil {
t.Fatal(err)
}
// simulate a case wherein the HTTP app starts first and
// tells the TLS app about the following auto-HTTPS domains
httpDomains := map[string]struct{}{"sub.example.com": {}}
if err := tlsApp.Manage(httpDomains); err != nil {
t.Fatal(err)
}
_, actuallyManaged := tlsApp.managing["sub.example.com"]
if actuallyManaged != tc.expectedToManage {
t.Errorf(
"expected sub.example.com individually managed: %v, got: %v",
tc.expectedToManage,
actuallyManaged,
)
}
})
}
}
Reference in New Issue View Git Blame Copy Permalink