Changeset e3e0de1 in mod_gnutls

Timestamp:

Dec 7, 2019, 9:42:07 AM (3 years ago)

Author:

Fiona Klute <fiona.klute@…>

Branches:

asyncio, main, master, proxy-ticket

Children:

8b72599

Parents:

09d923b

Message:

https-test-client.py: Make host and port configurable per connection

Both variables can use environment variables. If unset they default to
TEST_TARGET and TEST_PORT. This makes it possible to connect to
different servers in one test, for example in proxy tests to check
that the backend server is behaving as expected.

Location:

test

Files:

• https-test-client.py (modified) (4 diffs)
• mgstest/tests.py (modified) (3 diffs)
• runtests (modified) (1 diff)
• tests/21_TLS_reverse_proxy_wrong_cert/test.yml (modified) (1 diff)

test/https-test-client.py

@@ -16 +16 @@
 # limitations under the License.
 
+import os
 import yaml
 
@@ -25 +26 @@
         description='Send HTTP requests through gnutls-cli',
         formatter_class=argparse.ArgumentDefaultsHelpFormatter)
-    parser.add_argument('host', nargs='?', help='Access the specified host',
-                        default='localhost')
-    parser.add_argument('-p', '--port', type=int,
-                        help='Access the specified port', default='8000')
+    parser.add_argument('host', nargs='?', default=None,
+                        help='Access this host. Overrides TEST_TARGET, '
+                        'but not the test configuration file.')
+    parser.add_argument('-p', '--port', default=None,
+                        help='Access this port. Overrides TEST_PORT, '
+                        'but not the test configuration file.')
     parser.add_argument('--timeout', type=float,
                         help='Timeout for HTTP requests', default='5.0')
@@ -43 +46 @@
     args = parser.parse_args()
 
+    if args.host:
+        os.environ['TEST_TARGET'] = args.host
+    if args.port:
+        os.environ['TEST_PORT'] = args.port
+
     conns = None
 
@@ -56 +64 @@
 
     for test_conn in conns:
-        test_conn.run(host=args.host, port=args.port, timeout=args.timeout)
+        test_conn.run(timeout=args.timeout)

test/mgstest/tests.py

@@ -21 +21 @@
 """
 
+import os
 import re
 import subprocess
 import yaml
+
+from string import Template
 
 from . import TestExpectationFailed
@@ -42 +45 @@
     yaml_tag = '!connection'
 
-    def __init__(self, actions, gnutls_params=[], transport='gnutls'):
+    def __init__(self, actions, host=None, port=None, gnutls_params=[],
+                 transport='gnutls'):
         self.gnutls_params = gnutls_params
         self.actions = actions
         self.transport = transport
+        if host:
+            self.host = subst_env(host)
+        else:
+            self.host = os.environ.get('TEST_TARGET', 'localhost')
+        if port:
+            self.port = int(subst_env(port))
+        else:
+            self.port = int(os.environ.get('TEST_PORT', 8000))
 
     def __repr__(self):
         return (f'{self.__class__.__name__!s}'
-                f'(gnutls_params={self.gnutls_params!r}, '
+                f'(host={self.host!r}, port={self.port!r}, '
+                f'gnutls_params={self.gnutls_params!r}, '
                 f'actions={self.actions!r}, transport={self.transport!r})')
 
-    def run(self, host, port, timeout=5.0):
+    def run(self, timeout=5.0):
         # note: "--logfile" option requires GnuTLS version >= 3.6.7
         command = ['gnutls-cli', '--logfile=/dev/stderr']
         for s in self.gnutls_params:
             command.append('--' + s)
-        command = command + ['-p', str(port), host]
-
-        conn = HTTPSubprocessConnection(command, host, port,
+        command = command + ['-p', str(self.port), self.host]
+
+        conn = HTTPSubprocessConnection(command, self.host, self.port,
                                         output_filter=filter_cert_log,
                                         timeout=timeout)
@@ -322 +335 @@
     s = s + '\n\n' + body
     return s
+
+
+
+def subst_env(text):
+    t = Template(text)
+    return t.substitute(os.environ)

test/runtests

@@ -191 +191 @@
 
 if [ -n "${TARGET_IP}" ]; then
-    TARGET="${TARGET_IP}"
-else
-    TARGET="${TEST_HOST}"
-fi
-
-${PYTHON} ${srcdir}/https-test-client.py -p "${TEST_PORT}" "${TARGET}" \
+    export TEST_TARGET="${TARGET_IP}"
+else
+    export TEST_TARGET="${TEST_HOST}"
+fi
+
+${PYTHON} ${srcdir}/https-test-client.py \
           --test-config "${testdir}/test.yml" \
           --timeout "${TEST_QUERY_TIMEOUT}" \

test/tests/21_TLS_reverse_proxy_wrong_cert/test.yml

@@ -1 @@
-!connection
-gnutls_params:
-  - x509cafile=authority/x509.pem
-actions:
-  - !request
-    path: /proxy/test.txt
-    expect:
-      status: 502
-      body:
-        contains:
-          - 'Proxy Error'
-          - 'Error reading from remote server'
+# The reverse proxy can't access the backend (certificate validation
+# fails)
+- !connection
+  gnutls_params:
+    - x509cafile=authority/x509.pem
+  actions:
+    - !request
+      path: /proxy/test.txt
+      expect:
+        status: 502
+        body:
+          contains:
+            - 'Proxy Error'
+            - 'Error reading from remote server'
+
+# Check if the proxy itself works correctly and presents the expected
+# bad certificate
+- !connection
+  host: '${BACKEND_HOST}'
+  port: '${BACKEND_PORT}'
+  gnutls_params:
+    - x509cafile=authority/x509.pem
+    - verify-hostname=imposter.example
+  actions:
+    - !request
+      path: /test.txt
+      expect:
+        status: 200
+        body:
+          exactly: |
+            test