Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Labels
Merge Requests
105
Merge Requests
105
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Jobs
Commits
Open sidebar
nexedi
slapos
Commits
a9e7b041
Commit
a9e7b041
authored
Feb 23, 2022
by
Łukasz Nowak
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
caddy-frontend: Cover manual CSR handling
parent
6a531a74
Pipeline
#20013
failed with stage
in 0 seconds
Changes
6
Pipelines
1
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
299 additions
and
50 deletions
+299
-50
software/caddy-frontend/test/test.py
software/caddy-frontend/test/test.py
+175
-50
software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_file_list_etc_cron_d-CADDY.txt
...dAIBCCDisabledRequest.test_file_list_etc_cron_d-CADDY.txt
+13
-0
software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_file_list_log-CADDY.txt
...DisabledAIBCCDisabledRequest.test_file_list_log-CADDY.txt
+16
-0
software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_file_list_plugin-CADDY.txt
...abledAIBCCDisabledRequest.test_file_list_plugin-CADDY.txt
+44
-0
software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_file_list_run-CADDY.txt
...DisabledAIBCCDisabledRequest.test_file_list_run-CADDY.txt
+14
-0
software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_supervisor_state-CADDY.txt
...abledAIBCCDisabledRequest.test_supervisor_state-CADDY.txt
+37
-0
No files found.
software/caddy-frontend/test/test.py
View file @
a9e7b041
...
@@ -53,6 +53,9 @@ import sys
...
@@ -53,6 +53,9 @@ import sys
import
logging
import
logging
import
random
import
random
import
string
import
string
from
slapos.slap.standalone
import
SlapOSNodeInstanceError
import
caucase.client
import
caucase.utils
try
:
try
:
...
@@ -741,25 +744,41 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
...
@@ -741,25 +744,41 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
self
.
logger
.
warning
(
self
.
logger
.
warning
(
'Process %s still alive'
%
(
self
.
server_https_auth_process
,
))
'Process %s still alive'
%
(
self
.
server_https_auth_process
,
))
@
classmethod
def
_fetchKedifaCaucaseCaCertificateFile
(
cls
,
parameter_dict
):
ca_certificate
=
requests
.
get
(
parameter_dict
[
'kedifa-caucase-url'
]
+
'/cas/crt/ca.crt.pem'
)
assert
ca_certificate
.
status_code
==
httplib
.
OK
cls
.
kedifa_caucase_ca_certificate_file
=
os
.
path
.
join
(
cls
.
working_directory
,
'kedifa-caucase.ca.crt.pem'
)
open
(
cls
.
kedifa_caucase_ca_certificate_file
,
'w'
).
write
(
ca_certificate
.
text
)
@
classmethod
def
_fetchBackendClientCaCertificateFile
(
cls
,
parameter_dict
):
ca_certificate
=
requests
.
get
(
parameter_dict
[
'backend-client-caucase-url'
]
+
'/cas/crt/ca.crt.pem'
)
assert
ca_certificate
.
status_code
==
httplib
.
OK
cls
.
backend_client_caucase_ca_certificate_file
=
os
.
path
.
join
(
cls
.
working_directory
,
'backend-client-caucase.ca.crt.pem'
)
open
(
cls
.
backend_client_caucase_ca_certificate_file
,
'w'
).
write
(
ca_certificate
.
text
)
@
classmethod
@
classmethod
def
setUpMaster
(
cls
):
def
setUpMaster
(
cls
):
# run partition until AIKC finishes
# run partition until AIKC finishes
cls
.
runComputerPartitionUntil
(
cls
.
runComputerPartitionUntil
(
cls
.
untilNotReadyYetNotInMasterKeyGenerateAuthUrl
)
cls
.
untilNotReadyYetNotInMasterKeyGenerateAuthUrl
)
parameter_dict
=
cls
.
requestDefaultInstance
().
getConnectionParameterDict
()
parameter_dict
=
cls
.
requestDefaultInstance
().
getConnectionParameterDict
()
ca_certificate
=
requests
.
get
(
cls
.
_fetchKedifaCaucaseCaCertificateFile
(
parameter_dict
)
parameter_dict
[
'kedifa-caucase-url'
]
+
'/cas/crt/ca.crt.pem'
)
assert
ca_certificate
.
status_code
==
httplib
.
OK
cls
.
ca_certificate_file
=
os
.
path
.
join
(
cls
.
working_directory
,
'ca.crt.pem'
)
open
(
cls
.
ca_certificate_file
,
'w'
).
write
(
ca_certificate
.
text
)
auth
=
requests
.
get
(
auth
=
requests
.
get
(
parameter_dict
[
'master-key-generate-auth-url'
],
parameter_dict
[
'master-key-generate-auth-url'
],
verify
=
cls
.
ca_certificate_file
)
verify
=
cls
.
kedifa_caucase_
ca_certificate_file
)
assert
auth
.
status_code
==
httplib
.
CREATED
assert
auth
.
status_code
==
httplib
.
CREATED
upload
=
requests
.
put
(
upload
=
requests
.
put
(
parameter_dict
[
'master-key-upload-url'
]
+
auth
.
text
,
parameter_dict
[
'master-key-upload-url'
]
+
auth
.
text
,
data
=
cls
.
key_pem
+
cls
.
certificate_pem
,
data
=
cls
.
key_pem
+
cls
.
certificate_pem
,
verify
=
cls
.
ca_certificate_file
)
verify
=
cls
.
kedifa_caucase_
ca_certificate_file
)
assert
upload
.
status_code
==
httplib
.
CREATED
assert
upload
.
status_code
==
httplib
.
CREATED
cls
.
runKedifaUpdater
()
cls
.
runKedifaUpdater
()
...
@@ -1063,6 +1082,17 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
...
@@ -1063,6 +1082,17 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
cls.stopServerProcess()
cls.stopServerProcess()
super(HttpFrontendTestCase, cls)._cleanup(snapshot_name)
super(HttpFrontendTestCase, cls)._cleanup(snapshot_name)
@classmethod
def _workingDirectorySetUp(cls):
# do working directory
cls.working_directory = os.path.join(os.path.realpath(
os.environ.get(
'
SLAPOS_TEST_WORKING_DIR
',
os.path.join(os.getcwd(), '
.
slapos
'))),
'
caddy
-
frontend
-
test
')
if not os.path.isdir(cls.working_directory):
os.mkdir(cls.working_directory)
@classmethod
@classmethod
def setUpClass(cls):
def setUpClass(cls):
try:
try:
...
@@ -1084,19 +1114,12 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
...
@@ -1084,19 +1114,12 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
super(HttpFrontendTestCase, cls).setUpClass()
super(HttpFrontendTestCase, cls).setUpClass()
try:
try:
cls._workingDirectorySetUp()
# expose instance directory
# expose instance directory
cls.instance_path = cls.slap.instance_directory
cls.instance_path = cls.slap.instance_directory
# expose software directory, extract from found computer partition
# expose software directory, extract from found computer partition
cls.software_path = os.path.realpath(os.path.join(
cls.software_path = os.path.realpath(os.path.join(
cls.computer_partition_root_path, '
software_release
'))
cls.computer_partition_root_path, '
software_release
'))
# do working directory
cls.working_directory = os.path.join(os.path.realpath(
os.environ.get(
'
SLAPOS_TEST_WORKING_DIR
',
os.path.join(os.getcwd(), '
.
slapos
'))),
'
caddy
-
frontend
-
test
')
if not os.path.isdir(cls.working_directory):
os.mkdir(cls.working_directory)
cls.setUpMaster()
cls.setUpMaster()
cls.waitForCaddy()
cls.waitForCaddy()
except BaseException:
except BaseException:
...
@@ -1335,6 +1358,120 @@ class TestMasterRequest(HttpFrontendTestCase, TestDataMixin):
...
@@ -1335,6 +1358,120 @@ class TestMasterRequest(HttpFrontendTestCase, TestDataMixin):
)
)
class
TestMasterAIKCDisabledAIBCCDisabledRequest
(
HttpFrontendTestCase
,
TestDataMixin
):
@
classmethod
def
getInstanceParameterDict
(
cls
):
return
{
'port'
:
HTTPS_PORT
,
'plain_http_port'
:
HTTP_PORT
,
'kedifa_port'
:
KEDIFA_PORT
,
'caucase_port'
:
CAUCASE_PORT
,
'automatic-internal-kedifa-caucase-csr'
:
'false'
,
'automatic-internal-backend-client-caucase-csr'
:
'false'
,
}
@
classmethod
def
_setUpClass
(
cls
):
instance_max_retry
=
cls
.
instance_max_retry
try
:
cls
.
instance_max_retry
=
3
super
(
TestMasterAIKCDisabledAIBCCDisabledRequest
,
cls
).
_setUpClass
()
except
SlapOSNodeInstanceError
:
# Note: SLAPOS_TEST_DEBUG=1 will interrupt
pass
else
:
raise
ValueError
(
'_setUpClass unexpected success'
)
# Cluster requested without automatic certificate handling will never
# stabilize, as nodes can't join to the cluster, so the user is required
# to first manually create key and certificate for himself, then manually
# create certificates for services
cls
.
_workingDirectorySetUp
()
_
,
kedifa_key_pem
,
_
,
kedifa_csr_pem
=
createCSR
(
'Kedifa User'
)
_
,
backend_client_key_pem
,
_
,
backend_client_csr_pem
=
createCSR
(
'Backend Client User'
)
parameter_dict
=
cls
.
requestDefaultInstance
(
).
getConnectionParameterDict
()
cls
.
_fetchKedifaCaucaseCaCertificateFile
(
parameter_dict
)
cls
.
_fetchBackendClientCaCertificateFile
(
parameter_dict
)
with
open
(
cls
.
kedifa_caucase_ca_certificate_file
)
as
fh
:
kedifa_ca_pem
=
fh
.
read
()
with
open
(
cls
.
backend_client_caucase_ca_certificate_file
)
as
fh
:
backend_client_ca_pem
=
fh
.
read
()
kedifa_caucase_url
=
parameter_dict
[
'kedifa-caucase-url'
]
backend_client_caucase_url
=
parameter_dict
[
'backend-client-caucase-url'
]
# Simulate human: create user keys
def
getCauCertificate
(
ca_url
,
ca_pem
,
csr_pem
):
cau_client
=
caucase
.
client
.
CaucaseClient
(
ca_url
=
ca_url
+
'/cau'
,
ca_crt_pem_list
=
caucase
.
utils
.
getCertList
(
ca_pem
),
)
csr_id
=
cau_client
.
createCertificateSigningRequest
(
csr_pem
)
return
cau_client
.
getCertificate
(
csr_id
)
kedifa_crt_pem
=
getCauCertificate
(
kedifa_caucase_url
,
kedifa_ca_pem
,
kedifa_csr_pem
)
backend_client_crt_pem
=
getCauCertificate
(
backend_client_caucase_url
,
backend_client_ca_pem
,
backend_client_csr_pem
)
kedifa_key_file
=
os
.
path
.
join
(
cls
.
working_directory
,
'kedifa-key.pem'
)
with
open
(
kedifa_key_file
,
'w'
)
as
fh
:
fh
.
write
(
kedifa_crt_pem
+
kedifa_key_pem
)
backend_client_key_file
=
os
.
path
.
join
(
cls
.
working_directory
,
'backend-client-key.pem'
)
with
open
(
backend_client_key_file
,
'w'
)
as
fh
:
fh
.
write
(
backend_client_crt_pem
+
backend_client_key_pem
)
# Simulate human: create service keys
def
signAllCasCsr
(
ca_url
,
ca_pem
,
user_key
,
pending_csr_amount
):
client
=
caucase
.
client
.
CaucaseClient
(
ca_url
=
ca_url
+
'/cas'
,
ca_crt_pem_list
=
caucase
.
utils
.
getCertList
(
ca_pem
),
user_key
=
user_key
)
pending_csr_list
=
client
.
getPendingCertificateRequestList
()
assert
len
(
pending_csr_list
)
==
pending_csr_amount
for
csr_entry
in
pending_csr_list
:
client
.
createCertificate
(
int
(
csr_entry
[
'id'
]))
signAllCasCsr
(
kedifa_caucase_url
,
kedifa_ca_pem
,
kedifa_key_file
,
2
)
signAllCasCsr
(
backend_client_caucase_url
,
backend_client_ca_pem
,
backend_client_key_file
,
1
)
# Continue instance processing, copy&paste from
# slapos.testing.testcase.SlapOSInstanceTestCase._setUpClass
# as we hack a lot
cls
.
instance_max_retry
=
instance_max_retry
cls
.
waitForInstance
()
cls
.
computer_partition
=
cls
.
requestDefaultInstance
()
cls
.
computer_partition_root_path
=
os
.
path
.
join
(
cls
.
slap
.
_instance_root
,
cls
.
computer_partition
.
getId
())
def
test
(
self
):
parameter_dict
=
self
.
parseConnectionParameterDict
()
self
.
assertKeyWithPop
(
'monitor-setup-url'
,
parameter_dict
)
self
.
assertBackendHaproxyStatisticUrl
(
parameter_dict
)
self
.
assertKedifaKeysWithPop
(
parameter_dict
,
'master-'
)
self
.
assertRejectedSlavePromiseEmptyWithPop
(
parameter_dict
)
self
.
assertKeyWithPop
(
'kedifa-csr-certificate'
,
parameter_dict
)
self
.
assertKeyWithPop
(
'kedifa-csr-url'
,
parameter_dict
)
self
.
assertKeyWithPop
(
'caddy-frontend-1-kedifa-csr-url'
,
parameter_dict
)
self
.
assertKeyWithPop
(
'caddy-frontend-1-backend-client-csr-url'
,
parameter_dict
)
self
.
assertKeyWithPop
(
'caddy-frontend-1-csr-certificate'
,
parameter_dict
)
self
.
assertEqual
(
{
'monitor-base-url'
:
'https://[%s]:8401'
%
self
.
_ipv6_address
,
'backend-client-caucase-url'
:
'http://[%s]:8990'
%
self
.
_ipv6_address
,
'domain'
:
'None'
,
'accepted-slave-amount'
:
'0'
,
'rejected-slave-amount'
:
'0'
,
'slave-amount'
:
'0'
,
'rejected-slave-dict'
:
{}},
parameter_dict
)
class
TestSlave
(
SlaveHttpFrontendTestCase
,
TestDataMixin
):
class
TestSlave
(
SlaveHttpFrontendTestCase
,
TestDataMixin
):
@
classmethod
@
classmethod
def
getInstanceParameterDict
(
cls
):
def
getInstanceParameterDict
(
cls
):
...
@@ -2535,7 +2672,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
...
@@ -2535,7 +2672,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
# as now the place to put the key is known put the key there
# as now the place to put the key is known put the key there
auth
=
requests
.
get
(
auth
=
requests
.
get
(
generate_auth
,
generate_auth
,
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
self
.
assertEqual
(
httplib
.
CREATED
,
auth
.
status_code
)
self
.
assertEqual
(
httplib
.
CREATED
,
auth
.
status_code
)
data
=
self
.
customdomain_ca_certificate_pem
+
\
data
=
self
.
customdomain_ca_certificate_pem
+
\
...
@@ -2545,7 +2682,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
...
@@ -2545,7 +2682,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
upload
=
requests
.
put
(
upload
=
requests
.
put
(
upload_url
+
auth
.
text
,
upload_url
+
auth
.
text
,
data
=
data
,
data
=
data
,
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
self
.
assertEqual
(
httplib
.
CREATED
,
upload
.
status_code
)
self
.
assertEqual
(
httplib
.
CREATED
,
upload
.
status_code
)
self
.
runKedifaUpdater
()
self
.
runKedifaUpdater
()
...
@@ -2585,7 +2722,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
...
@@ -2585,7 +2722,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
# as now the place to put the key is known put the key there
# as now the place to put the key is known put the key there
auth
=
requests
.
get
(
auth
=
requests
.
get
(
generate_auth
,
generate_auth
,
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
self
.
assertEqual
(
httplib
.
CREATED
,
auth
.
status_code
)
self
.
assertEqual
(
httplib
.
CREATED
,
auth
.
status_code
)
data
=
self
.
ca
.
certificate_pem
data
=
self
.
ca
.
certificate_pem
...
@@ -2593,7 +2730,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
...
@@ -2593,7 +2730,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
upload
=
requests
.
put
(
upload
=
requests
.
put
(
upload_url
+
auth
.
text
,
upload_url
+
auth
.
text
,
data
=
data
,
data
=
data
,
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
self
.
assertEqual
(
httplib
.
UNPROCESSABLE_ENTITY
,
upload
.
status_code
)
self
.
assertEqual
(
httplib
.
UNPROCESSABLE_ENTITY
,
upload
.
status_code
)
self
.
assertEqual
(
'Key incorrect'
,
upload
.
text
)
self
.
assertEqual
(
'Key incorrect'
,
upload
.
text
)
...
@@ -2618,7 +2755,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
...
@@ -2618,7 +2755,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
# as now the place to put the key is known put the key there
# as now the place to put the key is known put the key there
auth
=
requests
.
get
(
auth
=
requests
.
get
(
generate_auth
,
generate_auth
,
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
self
.
assertEqual
(
httplib
.
CREATED
,
auth
.
status_code
)
self
.
assertEqual
(
httplib
.
CREATED
,
auth
.
status_code
)
_
,
ca_key_pem
,
csr
,
_
=
createCSR
(
_
,
ca_key_pem
,
csr
,
_
=
createCSR
(
...
@@ -2629,7 +2766,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
...
@@ -2629,7 +2766,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
upload
=
requests
.
put
(
upload
=
requests
.
put
(
upload_url
+
auth
.
text
,
upload_url
+
auth
.
text
,
data
=
data
,
data
=
data
,
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
self
.
assertEqual
(
httplib
.
CREATED
,
upload
.
status_code
)
self
.
assertEqual
(
httplib
.
CREATED
,
upload
.
status_code
)
self
.
runKedifaUpdater
()
self
.
runKedifaUpdater
()
...
@@ -2671,7 +2808,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
...
@@ -2671,7 +2808,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
# as now the place to put the key is known put the key there
# as now the place to put the key is known put the key there
auth
=
requests
.
get
(
auth
=
requests
.
get
(
generate_auth
,
generate_auth
,
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
self
.
assertEqual
(
httplib
.
CREATED
,
auth
.
status_code
)
self
.
assertEqual
(
httplib
.
CREATED
,
auth
.
status_code
)
data
=
self
.
certificate_pem
+
self
.
key_pem
+
self
.
ca
.
certificate_pem
data
=
self
.
certificate_pem
+
self
.
key_pem
+
self
.
ca
.
certificate_pem
...
@@ -2679,7 +2816,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
...
@@ -2679,7 +2816,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
upload
=
requests
.
put
(
upload
=
requests
.
put
(
upload_url
+
auth
.
text
,
upload_url
+
auth
.
text
,
data
=
data
,
data
=
data
,
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
self
.
assertEqual
(
httplib
.
CREATED
,
upload
.
status_code
)
self
.
assertEqual
(
httplib
.
CREATED
,
upload
.
status_code
)
self
.
runKedifaUpdater
()
self
.
runKedifaUpdater
()
...
@@ -2832,14 +2969,14 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
...
@@ -2832,14 +2969,14 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
# as now the place to put the key is known put the key there
# as now the place to put the key is known put the key there
auth
=
requests
.
get
(
auth
=
requests
.
get
(
generate_auth
,
generate_auth
,
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
self
.
assertEqual
(
httplib
.
CREATED
,
auth
.
status_code
)
self
.
assertEqual
(
httplib
.
CREATED
,
auth
.
status_code
)
data
=
self
.
customdomain_certificate_pem
+
\
data
=
self
.
customdomain_certificate_pem
+
\
self
.
customdomain_key_pem
self
.
customdomain_key_pem
upload
=
requests
.
put
(
upload
=
requests
.
put
(
upload_url
+
auth
.
text
,
upload_url
+
auth
.
text
,
data
=
data
,
data
=
data
,
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
self
.
assertEqual
(
httplib
.
CREATED
,
upload
.
status_code
)
self
.
assertEqual
(
httplib
.
CREATED
,
upload
.
status_code
)
self
.
runKedifaUpdater
()
self
.
runKedifaUpdater
()
...
@@ -5057,11 +5194,7 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
...
@@ -5057,11 +5194,7 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
cls
.
untilNotReadyYetNotInMasterKeyGenerateAuthUrl
)
cls
.
untilNotReadyYetNotInMasterKeyGenerateAuthUrl
)
parameter_dict
=
cls
.
requestDefaultInstance
().
getConnectionParameterDict
()
parameter_dict
=
cls
.
requestDefaultInstance
().
getConnectionParameterDict
()
ca_certificate
=
requests
.
get
(
cls
.
_fetchKedifaCaucaseCaCertificateFile
(
parameter_dict
)
parameter_dict
[
'kedifa-caucase-url'
]
+
'/cas/crt/ca.crt.pem'
)
assert
ca_certificate
.
status_code
==
httplib
.
OK
cls
.
ca_certificate_file
=
os
.
path
.
join
(
cls
.
working_directory
,
'ca.crt.pem'
)
open
(
cls
.
ca_certificate_file
,
'w'
).
write
(
ca_certificate
.
text
)
# Do not upload certificates for the master partition
# Do not upload certificates for the master partition
@
classmethod
@
classmethod
...
@@ -5120,11 +5253,11 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
...
@@ -5120,11 +5253,11 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
self
.
requestDefaultInstance
().
getConnectionParameterDict
()
self
.
requestDefaultInstance
().
getConnectionParameterDict
()
auth
=
requests
.
get
(
auth
=
requests
.
get
(
master_parameter_dict
[
'master-key-generate-auth-url'
],
master_parameter_dict
[
'master-key-generate-auth-url'
],
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
requests
.
put
(
requests
.
put
(
master_parameter_dict
[
'master-key-upload-url'
]
+
auth
.
text
,
master_parameter_dict
[
'master-key-upload-url'
]
+
auth
.
text
,
data
=
key_pem
+
certificate_pem
,
data
=
key_pem
+
certificate_pem
,
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
self
.
runKedifaUpdater
()
self
.
runKedifaUpdater
()
result
=
fakeHTTPSResult
(
result
=
fakeHTTPSResult
(
...
@@ -5147,11 +5280,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
...
@@ -5147,11 +5280,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
cls
.
untilNotReadyYetNotInMasterKeyGenerateAuthUrl
)
cls
.
untilNotReadyYetNotInMasterKeyGenerateAuthUrl
)
parameter_dict
=
cls
.
requestDefaultInstance
().
getConnectionParameterDict
()
parameter_dict
=
cls
.
requestDefaultInstance
().
getConnectionParameterDict
()
ca_certificate
=
requests
.
get
(
cls
.
_fetchKedifaCaucaseCaCertificateFile
(
parameter_dict
)
parameter_dict
[
'kedifa-caucase-url'
]
+
'/cas/crt/ca.crt.pem'
)
assert
ca_certificate
.
status_code
==
httplib
.
OK
cls
.
ca_certificate_file
=
os
.
path
.
join
(
cls
.
working_directory
,
'ca.crt.pem'
)
open
(
cls
.
ca_certificate_file
,
'w'
).
write
(
ca_certificate
.
text
)
# Do not upload certificates for the master partition
# Do not upload certificates for the master partition
@
classmethod
@
classmethod
...
@@ -5413,7 +5542,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
...
@@ -5413,7 +5542,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
# as now the place to put the key is known put the key there
# as now the place to put the key is known put the key there
auth
=
requests
.
get
(
auth
=
requests
.
get
(
generate_auth
,
generate_auth
,
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
self
.
assertEqual
(
httplib
.
CREATED
,
auth
.
status_code
)
self
.
assertEqual
(
httplib
.
CREATED
,
auth
.
status_code
)
data
=
certificate_pem
+
key_pem
data
=
certificate_pem
+
key_pem
...
@@ -5421,7 +5550,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
...
@@ -5421,7 +5550,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
upload
=
requests
.
put
(
upload
=
requests
.
put
(
upload_url
+
auth
.
text
,
upload_url
+
auth
.
text
,
data
=
data
,
data
=
data
,
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
self
.
assertEqual
(
httplib
.
CREATED
,
upload
.
status_code
)
self
.
assertEqual
(
httplib
.
CREATED
,
upload
.
status_code
)
self
.
runKedifaUpdater
()
self
.
runKedifaUpdater
()
...
@@ -5504,7 +5633,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
...
@@ -5504,7 +5633,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
# as now the place to put the key is known put the key there
# as now the place to put the key is known put the key there
auth
=
requests
.
get
(
auth
=
requests
.
get
(
generate_auth
,
generate_auth
,
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
self
.
assertEqual
(
httplib
.
CREATED
,
auth
.
status_code
)
self
.
assertEqual
(
httplib
.
CREATED
,
auth
.
status_code
)
data
=
certificate_pem
+
key_pem
data
=
certificate_pem
+
key_pem
...
@@ -5512,7 +5641,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
...
@@ -5512,7 +5641,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
upload
=
requests
.
put
(
upload
=
requests
.
put
(
upload_url
+
auth
.
text
,
upload_url
+
auth
.
text
,
data
=
data
,
data
=
data
,
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
self
.
assertEqual
(
httplib
.
CREATED
,
upload
.
status_code
)
self
.
assertEqual
(
httplib
.
CREATED
,
upload
.
status_code
)
self
.
runKedifaUpdater
()
self
.
runKedifaUpdater
()
...
@@ -5588,7 +5717,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
...
@@ -5588,7 +5717,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
# as now the place to put the key is known put the key there
# as now the place to put the key is known put the key there
auth
=
requests
.
get
(
auth
=
requests
.
get
(
generate_auth
,
generate_auth
,
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
self
.
assertEqual
(
httplib
.
CREATED
,
auth
.
status_code
)
self
.
assertEqual
(
httplib
.
CREATED
,
auth
.
status_code
)
data
=
certificate_pem
+
key_pem
data
=
certificate_pem
+
key_pem
...
@@ -5596,7 +5725,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
...
@@ -5596,7 +5725,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
upload
=
requests
.
put
(
upload
=
requests
.
put
(
upload_url
+
auth
.
text
,
upload_url
+
auth
.
text
,
data
=
data
,
data
=
data
,
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
self
.
assertEqual
(
httplib
.
CREATED
,
upload
.
status_code
)
self
.
assertEqual
(
httplib
.
CREATED
,
upload
.
status_code
)
self
.
runKedifaUpdater
()
self
.
runKedifaUpdater
()
...
@@ -5681,7 +5810,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
...
@@ -5681,7 +5810,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
# as now the place to put the key is known put the key there
# as now the place to put the key is known put the key there
auth
=
requests
.
get
(
auth
=
requests
.
get
(
generate_auth
,
generate_auth
,
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
self
.
assertEqual
(
httplib
.
CREATED
,
auth
.
status_code
)
self
.
assertEqual
(
httplib
.
CREATED
,
auth
.
status_code
)
data
=
certificate_pem
+
key_pem
data
=
certificate_pem
+
key_pem
...
@@ -5689,7 +5818,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
...
@@ -5689,7 +5818,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
upload
=
requests
.
put
(
upload
=
requests
.
put
(
upload_url
+
auth
.
text
,
upload_url
+
auth
.
text
,
data
=
data
,
data
=
data
,
verify
=
self
.
ca_certificate_file
)
verify
=
self
.
kedifa_caucase_
ca_certificate_file
)
self
.
assertEqual
(
httplib
.
CREATED
,
upload
.
status_code
)
self
.
assertEqual
(
httplib
.
CREATED
,
upload
.
status_code
)
self
.
runKedifaUpdater
()
self
.
runKedifaUpdater
()
...
@@ -5907,11 +6036,7 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
...
@@ -5907,11 +6036,7 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
cls
.
untilNotReadyYetNotInMasterKeyGenerateAuthUrl
)
cls
.
untilNotReadyYetNotInMasterKeyGenerateAuthUrl
)
parameter_dict
=
cls
.
requestDefaultInstance
().
getConnectionParameterDict
()
parameter_dict
=
cls
.
requestDefaultInstance
().
getConnectionParameterDict
()
ca_certificate
=
requests
.
get
(
cls
.
_fetchKedifaCaucaseCaCertificateFile
(
parameter_dict
)
parameter_dict
[
'kedifa-caucase-url'
]
+
'/cas/crt/ca.crt.pem'
)
assert
ca_certificate
.
status_code
==
httplib
.
OK
cls
.
ca_certificate_file
=
os
.
path
.
join
(
cls
.
working_directory
,
'ca.crt.pem'
)
open
(
cls
.
ca_certificate_file
,
'w'
).
write
(
ca_certificate
.
text
)
# Do not upload certificates for the master partition
# Do not upload certificates for the master partition
instance_parameter_dict
=
{
instance_parameter_dict
=
{
...
...
software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_file_list_etc_cron_d-CADDY.txt
0 → 100644
View file @
a9e7b041
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_file_list_log-CADDY.txt
0 → 100644
View file @
a9e7b041
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
T-2/var/log/slave-introspection-error.log
T-2/var/log/trafficserver/manager.log
software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_file_list_plugin-CADDY.txt
0 → 100644
View file @
a9e7b041
T-0/etc/plugin/__init__.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-caddy-frontend-1.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-1/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/backend-client-caucase-updater.py
T-2/etc/plugin/backend-haproxy-configuration.py
T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/slave-introspection-configuration.py
T-2/etc/plugin/slave_introspection_https.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_file_list_run-CADDY.txt
0 → 100644
View file @
a9e7b041
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/backend-haproxy-rsyslogd.pid
T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-2/var/run/slave-introspection.pid
T-2/var/run/slave_introspection_configuration_last_state
T-2/var/run/slave_introspection_graceful_configuration_state_signature
software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_supervisor_state-CADDY.txt
0 → 100644
View file @
a9e7b041
T-0:bootstrap-monitor EXITED
T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING
T-2:slave-introspection-safe-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment