Skip to content

Add support for mTLS to both mock and test#2320

Merged
joelrosario merged 8 commits intomainfrom
codex/mtls-support
Mar 5, 2026
Merged

Add support for mTLS to both mock and test#2320
joelrosario merged 8 commits intomainfrom
codex/mtls-support

Conversation

@joelrosario
Copy link
Copy Markdown
Contributor

@joelrosario joelrosario commented Mar 4, 2026
edited
Loading

What:

When mock runs with mTLS enabled, it will send a challenge to the client but will accept any certificate.

When test runs and receives an mTLS challenge, it will respond using the configured certificate.

Here's a sample config with mTLS support and certs configured.

version: 3

systemUnderTest:
  service:
    definitions:
      - definition:
          source:
            filesystem:
              directory: ./specifications
          specs:
            - api.yaml
    runOptions:
      openapi:
        baseUrl: https://localhost:9443
        cert:
          keyStorePassword: client-store-pass
          keyStore:
            file: ./certs/client.pfx
            alias: specmatic-client
            password: client-store-pass

dependencies:
  services:
    - service:
        definitions:
          - definition:
              source:
                filesystem:
                  directory: ./specifications
              specs:
                - api.yaml
        runOptions:
          openapi:
            baseUrl: https://localhost:9443
            cert:
              mtlsEnabled: true
              keyStorePassword: server-store-pass
              keyStore:
                file: ./certs/server.pfx
                alias: specmatic-server
                password: server-store-pass

Why:

Services deployed in a testing environment may be behind an API gateway that leverages mTLS. Users testing their services in this environment cannot run contract tests without mTLS. Mocks may have to be started up with mTLS negotiation enabled in order to test mTLS support by the consumer components.

Checklist:

  • Unit Tests
  • Build passing locally
  • Sonar Quality Gate
  • Security scans don't report any vulnerabilities
  • Documentation added/updated (share link)
  • Sample Project added/updated (share link)
  • Demo video (share link)
  • Article on Website (share link)
  • Roadmpap updated (share link)
  • Conference Talk (share link)

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 4, 2026
edited
Loading

Summary

Line coverage Branch coverage

Assembly Line coverage Branch coverage
application 63.4% 55.5%
application/backwardCompatibility 79.5% 65.1%
application/mcp 84.7% 76.9%
application/validate 1.2% 2.5%
io/specmatic/conversions 93.2% 78.7%
io/specmatic/conversions/lenient 97.6% 77.4%
io/specmatic/core 81.5% 62.9%
io/specmatic/core/azure 0% 0%
io/specmatic/core/config 61.6% 39.4%
io/specmatic/core/config/v1 97.9% 25%
io/specmatic/core/config/v2 91.9% 78.8%
io/specmatic/core/config/v3 56.7% 30.1%
io/specmatic/core/config/v3/components 78.9% 40%
io/specmatic/core/config/v3/components/runOptions 75.4% 47.5%
io/specmatic/core/config/v3/components/services 89.4% 59.6%
io/specmatic/core/config/v3/components/settings 100% 63.8%
io/specmatic/core/config/v3/components/sources 83.8% 61.5%
io/specmatic/core/config/v3/specmatic 57.6% 25%
io/specmatic/core/discriminator 52.6% 50%
io/specmatic/core/examples/module 45.7% 28.9%
io/specmatic/core/examples/server 73.8% 36.8%
io/specmatic/core/filters 83.1% 72.1%
io/specmatic/core/fuzzy 97.3% 93.8%
io/specmatic/core/git 9% 10.8%
io/specmatic/core/jsonoperator 67.4% 68.8%
io/specmatic/core/jsonoperator/value 86.2% 74.4%
io/specmatic/core/lifecycle 0% ****
io/specmatic/core/log 75.9% 62.3%
io/specmatic/core/matchers 78.4% 65.4%
io/specmatic/core/overlay 87.3% 58.8%
io/specmatic/core/pattern 87.3% 76.7%
io/specmatic/core/pattern/config 100% ****
io/specmatic/core/pattern/regex 90.9% 81.9%
io/specmatic/core/report 97.5% 91.6%
io/specmatic/core/route/modules 95% 87.5%
io/specmatic/core/utilities 67.6% 57.7%
io/specmatic/core/value 82.4% 69.2%
io/specmatic/core/wsdl/parser 81.4% 41%
io/specmatic/core/wsdl/parser/message 90% 72%
io/specmatic/core/wsdl/parser/operation 100% 100%
io/specmatic/core/wsdl/payload 81.1% 50%
io/specmatic/junit5/support 0% ****
io/specmatic/loader 84.6% 53.5%
io/specmatic/mcp/constants 0% ****
io/specmatic/mcp/report 0% 0%
io/specmatic/mcp/test 0% 0%
io/specmatic/mcp/test/client 0% 0%
io/specmatic/mcp/test/client/model 0% 0%
io/specmatic/mock 61.4% 56.5%
io/specmatic/proxy 66.8% 51.2%
io/specmatic/specmatic/core 100% ****
io/specmatic/specmatic/executable 100% ****
io/specmatic/specmatic/mcp 0% ****
io/specmatic/stub 78.5% 67.9%
io/specmatic/stub/listener 100% 100%
io/specmatic/stub/report 100% 77%
io/specmatic/test 73.6% 62.9%
io/specmatic/test/asserts 95.2% 86.6%
io/specmatic/test/handlers 89.7% 63.3%
io/specmatic/test/listeners 86.4% 53.2%
io/specmatic/test/reports 60% 33.3%
io/specmatic/test/reports/coverage 97.2% 54.9%
io/specmatic/test/reports/coverage/console 90.2% 84%
io/specmatic/test/reports/coverage/html 0% 0%
io/specmatic/test/reports/renderers 21.8% 24.1%
io/specmatic/test/utils 92.3% 80%

@joelrosario joelrosario changed the title Remove spec-level mTLS overrides Add support for mTLS to both mock and test Mar 4, 2026
@joelrosario joelrosario merged commit b1eb816 into main Mar 5, 2026
3 checks passed
@joelrosario joelrosario deleted the codex/mtls-support branch March 5, 2026 06:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@joelrosario