############################################################################## # # Copyright (c) 2018 Nexedi SA and Contributors. All Rights Reserved. # # WARNING: This program as such is intended to be used by professional # programmers who take the whole responsibility of assessing all potential # consequences resulting from its eventual inadequacies and bugs # End users who are looking for a ready-to-use solution with commercial # guarantees and support are strongly adviced to contract a Free Software # Service Company # # This program is Free Software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 3 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # ############################################################################## import os import subprocess import json import glob import ConfigParser from slapos.recipe.librecipe import generateHashFromFiles from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass setUpModule, InstanceTestCase = makeModuleSetUpAndTestCaseClass( os.path.abspath( os.path.join(os.path.dirname(__file__), '..', 'software.cfg'))) class TurnServerTestCase(InstanceTestCase): partition_path = None def setUp(self): # Lookup the partition in which turnserver was installed. partition_path_list = glob.glob(os.path.join( self.slap.instance_directory, '*')) for partition_path in partition_path_list: if os.path.exists(os.path.join(partition_path, 'etc/turnserver.conf')): self.partition_path = partition_path break self.assertTrue( self.partition_path, "Turnserver path not found in %r" % (partition_path_list,)) class TestServices(TurnServerTestCase): def test_process_list(self): hash_list = [ 'software_release/buildout.cfg', ] expected_process_names = [ 'bootstrap-monitor', 'turnserver-{hash}-on-watch', 'certificate_authority-{hash}-on-watch', 'crond-{hash}-on-watch', 'monitor-httpd-{hash}-on-watch', 'monitor-httpd-graceful', ] with self.slap.instance_supervisor_rpc as supervisor: process_name_list = [process['name'] for process in supervisor.getAllProcessInfo()] hash_file_list = [os.path.join(self.computer_partition_root_path, path) for path in hash_list] for name in expected_process_names: h = generateHashFromFiles(hash_file_list) expected_process_name = name.format(hash=h) self.assertIn(expected_process_name, process_name_list) def test_default_deployment(self): secret_file = os.path.join(self.partition_path, 'etc/.turnsecret') self.assertTrue(os.path.exists(self.partition_path)) self.assertTrue(os.path.exists(secret_file)) config = ConfigParser.ConfigParser() with open(secret_file) as f: config.readfp(f) secret = config.get('turnserver', 'secret') self.assertTrue(secret) expected_config = """listening-port=3478 tls-listening-port=5349 fingerprint lt-cred-mech use-auth-secret static-auth-secret=%(secret)s listening-ip=%(ipv4)s server-name=turn.example.com realm=turn.example.com total-quota=100 bps-capacity=0 stale-nonce=600 cert=%(instance_path)s/etc/ssl/cert.pem pkey=%(instance_path)s/etc/ssl/key.pem dh-file=%(instance_path)s/etc/ssl/dhparam.pem cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5" no-loopback-peers no-multicast-peers mobility no-tlsv1 no-tlsv1_1 no-stdout-log simple-log log-file=%(instance_path)s/var/log/turnserver.log userdb=%(instance_path)s/srv/turndb pidfile=%(instance_path)s/var/run/turnserver.pid verbose""" % {'instance_path': self.partition_path, 'secret': secret, 'ipv4': self._ipv4_address} with open(os.path.join(self.partition_path, 'etc/turnserver.conf')) as f: current_config = f.read().strip() self.assertEqual(current_config.splitlines(), expected_config.splitlines()) class TestParameters(TurnServerTestCase): @classmethod def getInstanceParameterDict(cls): return { 'server-name': "turn.site.com", 'port': 3488, 'tls-port': 5369, 'external-ip': '127.0.0.1', 'listening-ip': '127.0.0.1' } def test_turnserver_with_parameters(self): secret_file = os.path.join(self.partition_path, 'etc/.turnsecret') self.assertTrue(os.path.exists(self.partition_path)) self.assertTrue(os.path.exists(secret_file)) config = ConfigParser.ConfigParser() with open(secret_file) as f: config.readfp(f) secret = config.get('turnserver', 'secret') self.assertTrue(secret) expected_config = """listening-port=%(port)s tls-listening-port=%(tls_port)s fingerprint lt-cred-mech use-auth-secret static-auth-secret=%(secret)s listening-ip=%(ipv4)s external-ip=%(external_ip)s server-name=%(name)s realm=%(name)s total-quota=100 bps-capacity=0 stale-nonce=600 cert=%(instance_path)s/etc/ssl/cert.pem pkey=%(instance_path)s/etc/ssl/key.pem dh-file=%(instance_path)s/etc/ssl/dhparam.pem cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5" no-loopback-peers no-multicast-peers mobility no-tlsv1 no-tlsv1_1 no-stdout-log simple-log log-file=%(instance_path)s/var/log/turnserver.log userdb=%(instance_path)s/srv/turndb pidfile=%(instance_path)s/var/run/turnserver.pid verbose""" % {'instance_path': self.partition_path, 'secret': secret, 'ipv4': '127.0.0.1', 'name': 'turn.site.com', 'external_ip': '127.0.0.1', 'port': 3488, 'tls_port': 5369,} with open(os.path.join(self.partition_path, 'etc/turnserver.conf')) as f: current_config = f.read().strip() self.assertEqual(current_config.splitlines(), expected_config.splitlines()) class TestInsecureServices(TurnServerTestCase): @classmethod def getInstanceSoftwareType(cls): return 'insecure' def test_process_list(self): hash_list = [ 'software_release/buildout.cfg', ] expected_process_names = [ 'bootstrap-monitor', 'turnserver-{hash}-on-watch', 'certificate_authority-{hash}-on-watch', 'crond-{hash}-on-watch', 'monitor-httpd-{hash}-on-watch', 'monitor-httpd-graceful', ] with self.slap.instance_supervisor_rpc as supervisor: process_name_list = [process['name'] for process in supervisor.getAllProcessInfo()] hash_file_list = [os.path.join(self.computer_partition_root_path, path) for path in hash_list] for name in expected_process_names: h = generateHashFromFiles(hash_file_list) expected_process_name = name.format(hash=h) self.assertIn(expected_process_name, process_name_list) def test_default_deployment(self): self.assertTrue(os.path.exists(self.partition_path)) connection_parameter_dict = self.computer_partition\ .getConnectionParameterDict() password = connection_parameter_dict['password'] expected_config = """listening-port=3478 lt-cred-mech realm=turn.example.com fingerprint listening-ip=%(ipv4)s server-name=turn.example.com no-stdout-log simple-log log-file=%(instance_path)s/var/log/turnserver.log pidfile=%(instance_path)s/var/run/turnserver.pid verbose user=nxdturn:%(password)s""" % {'instance_path': self.partition_path, 'password': password, 'ipv4': self._ipv4_address} with open(os.path.join(self.partition_path, 'etc/turnserver.conf')) as f: current_config = f.read().strip() self.assertEqual(current_config.splitlines(), expected_config.splitlines())