chore: verify mtls properly in tests

2025-10-06 17:17:18 +08:00 · 2025-05-23 09:48:40 +02:00
parent b85c02262b
commit 30b20739d0
2 changed files with 9 additions and 4 deletions
--- a/testhelpers/redis/redis.go
+++ b/testhelpers/redis/redis.go
@@ -77,6 +77,7 @@ func WithImage(image string) Option {
 // Container represents a running Redis container
 type Container struct {
 	URL       string
+	cmds      []string
 	Addrs     []string
 	Host      string
 	Port      int
@@ -106,16 +107,17 @@ func Start(t testing.TB, opts ...Option) *Container {
 	ctx := context.Background()
 	tcOpts := []testcontainers.ContainerCustomizer{}

+	var cmds []string
 	if config.UseTLS {
 		tcOpts = append(tcOpts, redis.WithTLS())

-		cmds := []string{
+		cmds = append(cmds,
 			"--port", "0",
 			"--tls-port", "6379",
 			"--tls-cert-file", "/tls/server.crt",
 			"--tls-key-file", "/tls/server.key",
 			"--tls-ca-cert-file", "/tls/ca.crt",
-		}
+		)

 		cmds = append(cmds, "--tls-auth-clients", func() string {
 			if config.MTLSDisabled {
@@ -133,6 +135,7 @@ func Start(t testing.TB, opts ...Option) *Container {

 	ctr := &Container{
 		TLSConfig: c.TLSConfig(),
+		cmds:      cmds,
 	}

 	uri, err := c.ConnectionString(ctx)
--- a/testhelpers/redis/redis_test.go
+++ b/testhelpers/redis/redis_test.go
@@ -42,7 +42,7 @@ func TestStart(t *testing.T) {

 	t.Run("with-tls", func(t *testing.T) {
 		t.Run("secure-url", func(t *testing.T) {
-			t.Run("mtls-disabled", func(t *testing.T) {
+			t.Run("mtls-enabled", func(t *testing.T) {
 				t.Parallel()

 				ctr := Start(t, WithTLS(true, false))
@@ -52,15 +52,17 @@ func TestStart(t *testing.T) {
 				require.Empty(t, ctr.Addrs)
 				require.Empty(t, ctr.Host)
 				require.Zero(t, ctr.Port)
+				require.Contains(t, ctr.cmds, "--tls-auth-clients", "yes")
 			})

-			t.Run("mtls-enabled", func(t *testing.T) {
+			t.Run("mtls-disabled", func(t *testing.T) {
 				t.Parallel()

 				ctr := Start(t, WithTLS(true, true))
 				require.NotEmpty(t, ctr.URL)
 				require.True(t, strings.HasPrefix(ctr.URL, "rediss://"))
 				require.NotNil(t, ctr.TLSConfig)
+				require.Contains(t, ctr.cmds, "--tls-auth-clients", "no")
 			})
 		})