test that the ca-certs bundle works in scratch containers
2023-03-09 14:38:48 +01:00
.gitignore initial commit 2023-03-08 17:59:17 +01:00
Containerfile Containerfile: use scratch-with-cacerts directly 2023-03-09 14:38:48 +01:00
Containerfile.certfail initial commit 2023-03-08 17:59:17 +01:00
go.mod initial commit 2023-03-08 17:59:17 +01:00
main.go initial commit 2023-03-08 17:59:17 +01:00
Makefile initial commit 2023-03-08 17:59:17 +01:00
README.md initial commit 2023-03-08 17:59:17 +01:00
run.go initial commit 2023-03-08 17:59:17 +01:00

certs-test

this repo contains a program that tries to connect to a TLS-protected endpoint. there are two variants of a Containerfile:

  • Containerfile - here the program should be able to successfully connect to a TLS-protected endpoint from a scratch container because the ca-certs bundle has been copied in.
  • Containerfile.certfail - here the ca-certs bundle is missing, therefore the program should fail with the following:

    2023/03/08 18:31:00 connecting to https://<endpoint>
    panic: Get "https://<endpoint>": tls: failed to verify certificate: x509: certificate signed by unknown authority

build and run

to build a container in which the app will be able to connect to a TLS-protected endpoint, run:

podman build -t certs-test:success -f Containerfile .

alternatively, run make or make certsuccess

to build a container that will yield a CA cert validation failure (because of the missing ca-cert bundle), run:

podman build -t certs-test:fail -f Containerfile.certfail .

alternatively, run make certfail

to manually build and run the app, run:

go build -v . && ./certs-test -endpoint=<yoursite.tld>

to run the container, do

podman run localhost/certs-test:success

or

podman run localhost/certs-test:fail

based on which one you'd like to run.