Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kirill Smelkov
slapos
Commits
95c54583
Commit
95c54583
authored
Feb 03, 2021
by
Łukasz Nowak
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
caddy-frontend: Implement start and stop of authenticated test server
parent
15fe00f0
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
56 additions
and
87 deletions
+56
-87
software/caddy-frontend/test/test.py
software/caddy-frontend/test/test.py
+56
-87
No files found.
software/caddy-frontend/test/test.py
View file @
95c54583
...
@@ -642,6 +642,48 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
...
@@ -642,6 +642,48 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
cls
.
logger
.
warning
(
cls
.
logger
.
warning
(
'Process %s still alive'
%
(
process
,
))
'Process %s still alive'
%
(
process
,
))
def
startAuthenticatedServerProcess
(
self
):
master_parameter_dict
=
self
.
parseConnectionParameterDict
()
caucase_url
=
master_parameter_dict
[
'backend-client-caucase-url'
]
ca_certificate
=
requests
.
get
(
caucase_url
+
'/cas/crt/ca.crt.pem'
)
assert
ca_certificate
.
status_code
==
httplib
.
OK
ca_certificate_file
=
os
.
path
.
join
(
self
.
working_directory
,
'ca-backend-client.crt.pem'
)
with
open
(
ca_certificate_file
,
'w'
)
as
fh
:
fh
.
write
(
ca_certificate
.
text
)
class
OwnTestHandler
(
TestHandler
):
identification
=
'Auth Backend'
server_https_auth
=
HTTPServer
(
(
self
.
_ipv4_address
,
self
.
_server_https_auth_port
),
OwnTestHandler
)
server_https_auth
.
socket
=
ssl
.
wrap_socket
(
server_https_auth
.
socket
,
certfile
=
self
.
test_server_certificate_file
.
name
,
cert_reqs
=
ssl
.
CERT_REQUIRED
,
ca_certs
=
ca_certificate_file
,
server_side
=
True
)
self
.
backend_https_auth_url
=
'https://%s:%s/'
\
%
server_https_auth
.
server_address
self
.
server_https_auth_process
=
multiprocessing
.
Process
(
target
=
server_https_auth
.
serve_forever
,
name
=
'HTTPSServerAuth'
)
self
.
server_https_auth_process
.
start
()
self
.
logger
.
debug
(
'Started process %s'
%
(
self
.
server_https_auth_process
,))
def
stopAuthenticatedServerProcess
(
self
):
self
.
logger
.
debug
(
'Stopping process %s'
%
(
self
.
server_https_auth_process
,))
self
.
server_https_auth_process
.
join
(
10
)
self
.
server_https_auth_process
.
terminate
()
time
.
sleep
(
0.1
)
if
self
.
server_https_auth_process
.
is_alive
():
self
.
logger
.
warning
(
'Process %s still alive'
%
(
self
.
server_https_auth_process
,
))
@
classmethod
@
classmethod
def
setUpMaster
(
cls
):
def
setUpMaster
(
cls
):
# run partition until AIKC finishes
# run partition until AIKC finishes
...
@@ -1895,50 +1937,20 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
...
@@ -1895,50 +1937,20 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
def test_auth_to_backend(self):
def test_auth_to_backend(self):
parameter_dict = self.assertSlaveBase('
auth
-
to
-
backend
')
parameter_dict = self.assertSlaveBase('
auth
-
to
-
backend
')
# 1. fetch certificate from backend-client-caucase-url
master_parameter_dict = self.parseConnectionParameterDict()
caucase_url = master_parameter_dict['
backend
-
client
-
caucase
-
url
']
ca_certificate = requests.get(caucase_url + '
/
cas
/
crt
/
ca
.
crt
.
pem
')
assert ca_certificate.status_code == httplib.OK
ca_certificate_file = os.path.join(
self.working_directory, '
ca
-
backend
-
client
.
crt
.
pem
')
with open(ca_certificate_file, '
w
') as fh:
fh.write(ca_certificate.text)
# 2. start backend with this certificate
class OwnTestHandler(TestHandler):
identification = '
Auth
Backend
'
server_https_auth = HTTPServer(
(self._ipv4_address, self._server_https_auth_port),
OwnTestHandler)
server_https_auth.socket = ssl.wrap_socket(
server_https_auth.socket,
certfile=self.test_server_certificate_file.name,
cert_reqs=ssl.CERT_REQUIRED,
ca_certs=ca_certificate_file,
server_side=True)
backend_https_auth_url = '
https
:
//%
s
:
%
s
/
'
\
% server_https_auth.server_address
server_https_auth_process = multiprocessing.Process(
self.startAuthenticatedServerProcess()
target=server_https_auth.serve_forever, name='
HTTPSServerAuth
')
server_https_auth_process.start()
self.logger.debug('
Started
process
%
s
' % (server_https_auth_process,))
try:
try:
#
3.
assert that you can'
t
fetch
nothing
without
key
# assert that you can'
t
fetch
nothing
without
key
try
:
try
:
requests
.
get
(
backend_https_auth_url
,
verify
=
False
)
requests
.
get
(
self
.
backend_https_auth_url
,
verify
=
False
)
except
Exception
:
except
Exception
:
pass
pass
else
:
else
:
self
.
fail
(
self
.
fail
(
'Access to %r shall be not possible without certificate'
%
(
'Access to %r shall be not possible without certificate'
%
(
backend_https_auth_url
,))
self
.
backend_https_auth_url
,))
#
4.
check that you can access this backend via frontend
# check that you can access this backend via frontend
#
(so it means that auth to backend worked)
# (so it means that auth to backend worked)
result
=
fakeHTTPSResult
(
result
=
fakeHTTPSResult
(
parameter_dict
[
'domain'
],
parameter_dict
[
'domain'
],
'test-path/deep/.././deeper'
,
'test-path/deep/.././deeper'
,
...
@@ -1974,60 +1986,23 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
...
@@ -1974,60 +1986,23 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
result
.
headers
[
'X-Backend-Identification'
]
result
.
headers
[
'X-Backend-Identification'
]
)
)
finally
:
finally
:
self
.
logger
.
debug
(
'Stopping process %s'
%
(
server_https_auth_process
,))
self
.
stopAuthenticatedServerProcess
()
server_https_auth_process
.
join
(
10
)
server_https_auth_process
.
terminate
()
time
.
sleep
(
0.1
)
if
server_https_auth_process
.
is_alive
():
self
.
logger
.
warning
(
'Process %s still alive'
%
(
server_https_auth_process
,
))
def
test_auth_to_backend_not_configured
(
self
):
def
test_auth_to_backend_not_configured
(
self
):
parameter_dict
=
self
.
assertSlaveBase
(
'auth-to-backend-not-configured'
)
parameter_dict
=
self
.
assertSlaveBase
(
'auth-to-backend-not-configured'
)
# 1. fetch certificate from backend-client-caucase-url
self
.
startAuthenticatedServerProcess
()
master_parameter_dict
=
self
.
parseConnectionParameterDict
()
caucase_url
=
master_parameter_dict
[
'backend-client-caucase-url'
]
ca_certificate
=
requests
.
get
(
caucase_url
+
'/cas/crt/ca.crt.pem'
)
assert
ca_certificate
.
status_code
==
httplib
.
OK
ca_certificate_file
=
os
.
path
.
join
(
self
.
working_directory
,
'ca-backend-client.crt.pem'
)
with
open
(
ca_certificate_file
,
'w'
)
as
fh
:
fh
.
write
(
ca_certificate
.
text
)
# 2. start backend with this certificate
class
OwnTestHandler
(
TestHandler
):
identification
=
'Auth Backend'
server_https_auth
=
HTTPServer
(
(
self
.
_ipv4_address
,
self
.
_server_https_auth_port
),
OwnTestHandler
)
server_https_auth
.
socket
=
ssl
.
wrap_socket
(
server_https_auth
.
socket
,
certfile
=
self
.
test_server_certificate_file
.
name
,
cert_reqs
=
ssl
.
CERT_REQUIRED
,
ca_certs
=
ca_certificate_file
,
server_side
=
True
)
backend_https_auth_url
=
'https://%s:%s/'
\
%
server_https_auth
.
server_address
server_https_auth_process
=
multiprocessing
.
Process
(
target
=
server_https_auth
.
serve_forever
,
name
=
'HTTPSServerAuth'
)
server_https_auth_process
.
start
()
self
.
logger
.
debug
(
'Started process %s'
%
(
server_https_auth_process
,))
try
:
try
:
#
3.
assert that you can't fetch nothing without key
# assert that you can't fetch nothing without key
try
:
try
:
requests
.
get
(
backend_https_auth_url
,
verify
=
False
)
requests
.
get
(
self
.
backend_https_auth_url
,
verify
=
False
)
except
Exception
:
except
Exception
:
pass
pass
else
:
else
:
self
.
fail
(
self
.
fail
(
'Access to %r shall be not possible without certificate'
%
(
'Access to %r shall be not possible without certificate'
%
(
backend_https_auth_url
,))
self
.
backend_https_auth_url
,))
#
4.
check that you can access this backend via frontend
# check that you can access this backend via frontend
#
(so it means that auth to backend worked)
# (so it means that auth to backend worked)
result
=
fakeHTTPSResult
(
result
=
fakeHTTPSResult
(
parameter_dict
[
'domain'
],
parameter_dict
[
'domain'
],
'test-path/deep/.././deeper'
,
'test-path/deep/.././deeper'
,
...
@@ -2046,13 +2021,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
...
@@ -2046,13 +2021,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
httplib
.
BAD_GATEWAY
httplib
.
BAD_GATEWAY
)
)
finally
:
finally
:
self
.
logger
.
debug
(
'Stopping process %s'
%
(
server_https_auth_process
,))
self
.
stopAuthenticatedServerProcess
()
server_https_auth_process
.
join
(
10
)
server_https_auth_process
.
terminate
()
time
.
sleep
(
0.1
)
if
server_https_auth_process
.
is_alive
():
self
.
logger
.
warning
(
'Process %s still alive'
%
(
server_https_auth_process
,
))
def
test_auth_to_backend_backend_ignore
(
self
):
def
test_auth_to_backend_backend_ignore
(
self
):
parameter_dict
=
self
.
assertSlaveBase
(
'auth-to-backend-backend-ignore'
)
parameter_dict
=
self
.
assertSlaveBase
(
'auth-to-backend-backend-ignore'
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment