wip caucase test

d1c04760 · Jérome Perrin · eed36779 · d1c04760
Commit d1c04760 authored Aug 27, 2020 by Jérome Perrin
Show whitespace changes
Inline Side-by-side

Showing with 149 additions and 45 deletions

software/erp5/test/test/test_balancer.py software/erp5/test/test/test_balancer.py +149 -45

No files found.
--- a/software/erp5/test/test/test_balancer.py
+++ b/software/erp5/test/test/test_balancer.py
@@ -55,8 +55,8 @@ class EchoHTTPServer(ManagedHTTPServer):
 class CaucaseService(ManagedService):
  url = None # type: str
-  caucase_dir = None # type: str
+  directory = None # type: str
-  caucase_process = None # type: subprocess.Popen
+  _caucased_process = None # type: subprocess.Popen
  def start(self):
    # type: () -> None
@@ -67,13 +67,15 @@ class CaucaseService(ManagedService):
    )
    caucased_path = os.path.join(software_release_root_path, 'bin', 'caucased')
-    self.caucase_dir = tempfile.mkdtemp()
+    self.directory = tempfile.mkdtemp()
-    caucased_dir = os.path.join(self.caucase_dir, 'caucased')
+    caucased_dir = os.path.join(self.directory, 'caucased')
    os.mkdir(caucased_dir)
+    os.mkdir(os.path.join(caucased_dir, 'user'))
+    os.mkdir(os.path.join(caucased_dir, 'service'))
    backend_caucased_netloc = '%s:%s' % (self._cls._ipv4_address, findFreeTCPPort(self._cls._ipv4_address))
    self.url = 'http://' + backend_caucased_netloc
-    self.caucased_process = subprocess.Popen(
+    self._caucased_process = subprocess.Popen(
      [
        caucased_path,
        '--db', os.path.join(caucased_dir, 'caucase.sqlite'),
@@ -96,9 +98,13 @@ class CaucaseService(ManagedService):
  def stop(self):
    # type: () -> None
-    self.caucased_process.terminate()
+    self._caucased_process.terminate()
-    self.caucased_process.wait()
+    self._caucased_process.wait()
-    shutil.rmtree(self.caucase_dir)
+    shutil.rmtree(self.directory)
+  def sign_csr(self, csr_path):
+    # type: () -> None
+    pass
 class BalancerTestCase(ERP5InstanceTestCase):
@@ -189,15 +195,109 @@ class TestAccessLog(BalancerTestCase, CrontabMixin):
    import pdb; pdb.set_trace()
+class CaucaseClientCertificate(ManagedService):
+  ca_crt_file = None # type: str 
+  crl_file = None # type: str 
+  csr_file = None # type: str 
+  cert_file = None # type: str 
+  key_file = None # type: str 
+  def start(self):
+    # type: () -> None
+    self.ca_crt_file = tempfile.NamedTemporaryFile(delete=False, suffix='ca-crt.pem').name
+    self.crl_file = tempfile.NamedTemporaryFile(delete=False, suffix='ca-crl.pem').name
+    self.csr_file = tempfile.NamedTemporaryFile(delete=False, suffix='csr.pem').name
+  #  self.cert_file = tempfile.NamedTemporaryFile(delete=False, suffix='crt.pem').name
+    self.cert_file = self.key_file = tempfile.NamedTemporaryFile(delete=False, suffix='key.pem').name
+  def stop(self):
+    # type: () -> None
+    os.unlink(self.ca_crt_file)
+    os.unlink(self.crl_file)
+    os.unlink(self.csr_file)
+    # os.unlink(self.cert_file)
+    os.unlink(self.key_file)
+  def request(self, common_name, caucase):
+    # type: (str, CaucaseCertificate) -> None
+    software_release_root_path = os.path.join(
+       self._cls.slap._software_root,
+       hashlib.md5(self._cls.getSoftwareURL().encode()).hexdigest(),
+    )
+    caucase_path = os.path.join(software_release_root_path, 'bin', 'caucase')
+    cas_args = [
+      caucase_path,
+      '--ca-url', caucase.url,
+      '--ca-crt', self.ca_crt_file, # must not exist
+      '--crl', self.crl_file,
+      # XXX 'service
+  #    '--ca-crt', os.path.join(caucase.directory, 'service', 'service-ca-crt.pem'),
+  #    '--crl', os.path.join(caucase.directory, 'service', 'service.crl'),
+  #    '--user-ca-crt', os.path.join(caucase.directory, 'service', 'user-ca-crt.pem'),
+  #    '--user-crl', os.path.join(caucase.directory, 'service', 'user.crl'),
+    ]
+    key = rsa.generate_private_key(
+      public_exponent=65537,
+      key_size=2048,
+      backend=default_backend()
+    )
+    with open(self.key_file, 'wb') as f:
+      f.write(key.private_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PrivateFormat.TraditionalOpenSSL,
+        encryption_algorithm=serialization.NoEncryption(),
+      ))
+    csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([
+      x509.NameAttribute(NameOID.COMMON_NAME, common_name),
+    ])).sign(key, hashes.SHA256(), default_backend())
+    with open(self.csr_file, 'wb') as f:
+      f.write(csr.public_bytes(serialization.Encoding.PEM))
+    caucase_process = subprocess.Popen(
+      cas_args + [
+        '--send-csr', self.csr_file,
+      ],
+      stdout=subprocess.PIPE,
+      stderr=subprocess.STDOUT,
+    )
+    result = caucase_process.communicate()
+    csr_id = result[0].split()[0]
+    for _ in range(10):
+      if not subprocess.call(
+        cas_args + [
+          '--get-crt', csr_id, self.cert_file,
+        ],
+      ) == 0:
+        break
+      else:
+        time.sleep(1)
+    else:
+      raise RuntimeError('getting service certificate failed.')
 class TestFrontendXForwardedFor(BalancerTestCase):
  __partition_reference__ = 'xff'
  frontend_caucase_dir = None
  frontend_caucased_process = None
-  # TODO: ManagedService
  @classmethod
  def setUpClass(cls):
+    # type: () -> None
+    frontend_caucase = cls.getManagedService('frontend_caucase', CaucaseService)
+    certificate = cls.getManagedService('client_certificate', CaucaseClientCertificate)
+    certificate.request(u'shared frontend', frontend_caucase)
+    cls.client_certificate = certificate.key_file
+    super(TestFrontendXForwardedFor, cls).setUpClass()
+  # TODO: ManagedService
+  @classmethod
+  def setUpClassOld(cls):
    # type: () -> None
    # start a caucased and generate a valid client certificate.
    cls.computer_partition_root_path = os.path.abspath(os.curdir)
@@ -211,6 +311,7 @@ class TestFrontendXForwardedFor(BalancerTestCase):
    frontend_caucased_netloc = '%s:%s' % (cls._ipv4_address, findFreeTCPPort(cls._ipv4_address))
    cls.frontend_caucased_url = 'http://' + frontend_caucased_netloc
+    if 0:
      cls.user_certificate = frontend_user_key = os.path.join(frontend_user_dir, 'client.key.pem')
      frontend_user_csr = os.path.join(frontend_user_dir, 'client.csr.pem')
@@ -277,6 +378,7 @@ class TestFrontendXForwardedFor(BalancerTestCase):
      '--user-crl', os.path.join(frontend_service_dir, 'user.crl'),
    ]
+    if 0:
      caucase_process = subprocess.Popen(
        cau_args + [
          '--mode', 'user',
@@ -351,7 +453,7 @@ class TestFrontendXForwardedFor(BalancerTestCase):
        'default': False,
        'default-auth': True,
    }
-    parameter_dict['ssl']['frontend-caucase-url-list'] = [cls.frontend_caucased_url]
+    parameter_dict['ssl']['frontend-caucase-url-list'] = [cls.getManagedService('frontend_caucase', CaucaseService).url]
    return parameter_dict
  @classmethod
@@ -391,3 +493,5 @@ class TestFrontendXForwardedFor(BalancerTestCase):
        headers={'X-Forwarded-For': '1.2.3.4'},
        verify=False,
      )
+del TestAccessLog
\ No newline at end of file