Add TERMINATED_HTTPS listener API tests
So far we did not have TERMINATED_HTTPS API tests in the listener API tests (we only had scenario tests). This patch adds the missing API tests. Depends-on: I5f54320b3beffde44606b01390c6ce79f28ede64 Change-Id: I90b1c7c00e8642ef7d3b7af63c9bb90ba8855adb
This commit is contained in:
parent
19b90e9271
commit
17c3652647
@ -12,18 +12,24 @@
|
|||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
import base64
|
||||||
import time
|
import time
|
||||||
from uuid import UUID
|
from uuid import UUID
|
||||||
|
|
||||||
|
from cryptography.hazmat.primitives import serialization
|
||||||
|
|
||||||
from dateutil import parser
|
from dateutil import parser
|
||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
from oslo_utils import strutils
|
from oslo_utils import strutils
|
||||||
|
from oslo_utils import uuidutils
|
||||||
from tempest import config
|
from tempest import config
|
||||||
from tempest.lib.common.utils import data_utils
|
from tempest.lib.common.utils import data_utils
|
||||||
from tempest.lib import decorators
|
from tempest.lib import decorators
|
||||||
from tempest.lib import exceptions
|
from tempest.lib import exceptions
|
||||||
import testtools
|
import testtools
|
||||||
|
|
||||||
|
from octavia_tempest_plugin.common import barbican_client_mgr
|
||||||
|
from octavia_tempest_plugin.common import cert_utils
|
||||||
from octavia_tempest_plugin.common import constants as const
|
from octavia_tempest_plugin.common import constants as const
|
||||||
from octavia_tempest_plugin.tests import test_base
|
from octavia_tempest_plugin.tests import test_base
|
||||||
from octavia_tempest_plugin.tests import waiters
|
from octavia_tempest_plugin.tests import waiters
|
||||||
@ -35,11 +41,176 @@ LOG = logging.getLogger(__name__)
|
|||||||
class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
||||||
"""Test the listener object API."""
|
"""Test the listener object API."""
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def _store_secret(cls, barbican_mgr, secret):
|
||||||
|
new_secret_ref = barbican_mgr.store_secret(secret)
|
||||||
|
cls.addClassResourceCleanup(barbican_mgr.delete_secret,
|
||||||
|
new_secret_ref)
|
||||||
|
|
||||||
|
# Set the barbican ACL if the Octavia API version doesn't do it
|
||||||
|
# automatically.
|
||||||
|
if not cls.mem_lb_client.is_version_supported(
|
||||||
|
cls.api_version, '2.1'):
|
||||||
|
user_list = cls.os_admin.users_v3_client.list_users(
|
||||||
|
name=CONF.load_balancer.octavia_svc_username)
|
||||||
|
msg = 'Only one user named "{0}" should exist, {1} found.'.format(
|
||||||
|
CONF.load_balancer.octavia_svc_username,
|
||||||
|
len(user_list['users']))
|
||||||
|
cls.assertEqual(1, len(user_list['users']), msg)
|
||||||
|
barbican_mgr.add_acl(new_secret_ref, user_list['users'][0]['id'])
|
||||||
|
return new_secret_ref
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def _generate_load_certificate(cls, barbican_mgr, ca_cert, ca_key, name):
|
||||||
|
new_cert, new_key = cert_utils.generate_server_cert_and_key(
|
||||||
|
ca_cert, ca_key, name)
|
||||||
|
|
||||||
|
LOG.debug('%s Cert: %s', name, new_cert.public_bytes(
|
||||||
|
serialization.Encoding.PEM))
|
||||||
|
LOG.debug('%s private Key: %s', name, new_key.private_bytes(
|
||||||
|
encoding=serialization.Encoding.PEM,
|
||||||
|
format=serialization.PrivateFormat.TraditionalOpenSSL,
|
||||||
|
encryption_algorithm=serialization.NoEncryption()))
|
||||||
|
new_public_key = new_key.public_key()
|
||||||
|
LOG.debug('%s public Key: %s', name, new_public_key.public_bytes(
|
||||||
|
encoding=serialization.Encoding.PEM,
|
||||||
|
format=serialization.PublicFormat.SubjectPublicKeyInfo))
|
||||||
|
|
||||||
|
# Create the pkcs12 bundle
|
||||||
|
pkcs12 = cert_utils.generate_pkcs12_bundle(new_cert, new_key)
|
||||||
|
LOG.debug('%s PKCS12 bundle: %s', name, base64.b64encode(pkcs12))
|
||||||
|
|
||||||
|
new_secret_ref = cls._store_secret(barbican_mgr, pkcs12)
|
||||||
|
|
||||||
|
return new_cert, new_key, new_secret_ref
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def _load_pool_pki(cls):
|
||||||
|
# Create the member client authentication CA
|
||||||
|
cls.member_client_ca_cert, member_client_ca_key = (
|
||||||
|
cert_utils.generate_ca_cert_and_key())
|
||||||
|
|
||||||
|
# Create client cert and key
|
||||||
|
cls.member_client_cn = uuidutils.generate_uuid()
|
||||||
|
cls.member_client_cert, cls.member_client_key = (
|
||||||
|
cert_utils.generate_client_cert_and_key(
|
||||||
|
cls.member_client_ca_cert, member_client_ca_key,
|
||||||
|
cls.member_client_cn))
|
||||||
|
|
||||||
|
# Create the pkcs12 bundle
|
||||||
|
pkcs12 = cert_utils.generate_pkcs12_bundle(cls.member_client_cert,
|
||||||
|
cls.member_client_key)
|
||||||
|
LOG.debug('Pool client PKCS12 bundle: %s', base64.b64encode(pkcs12))
|
||||||
|
|
||||||
|
cls.pool_client_ref = cls._store_secret(cls.barbican_mgr, pkcs12)
|
||||||
|
|
||||||
|
cls.member_ca_cert, cls.member_ca_key = (
|
||||||
|
cert_utils.generate_ca_cert_and_key())
|
||||||
|
|
||||||
|
cert, key = cert_utils.generate_server_cert_and_key(
|
||||||
|
cls.member_ca_cert, cls.member_ca_key, cls.server_uuid)
|
||||||
|
|
||||||
|
cls.pool_CA_ref = cls._store_secret(
|
||||||
|
cls.barbican_mgr,
|
||||||
|
cls.member_ca_cert.public_bytes(serialization.Encoding.PEM))
|
||||||
|
|
||||||
|
cls.member_crl = cert_utils.generate_certificate_revocation_list(
|
||||||
|
cls.member_ca_cert, cls.member_ca_key, cert)
|
||||||
|
|
||||||
|
cls.pool_CRL_ref = cls._store_secret(
|
||||||
|
cls.barbican_mgr,
|
||||||
|
cls.member_crl.public_bytes(serialization.Encoding.PEM))
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def should_apply_terminated_https(cls, protocol=None):
|
||||||
|
if protocol and protocol != const.TERMINATED_HTTPS:
|
||||||
|
return False
|
||||||
|
return CONF.load_balancer.test_with_noop or getattr(
|
||||||
|
CONF.service_available, 'barbican', False)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def resource_setup(cls):
|
def resource_setup(cls):
|
||||||
"""Setup resources needed by the tests."""
|
"""Setup resources needed by the tests."""
|
||||||
super(ListenerAPITest, cls).resource_setup()
|
super(ListenerAPITest, cls).resource_setup()
|
||||||
|
|
||||||
|
if CONF.load_balancer.test_with_noop:
|
||||||
|
cls.server_secret_ref = uuidutils.generate_uuid()
|
||||||
|
cls.SNI1_secret_ref = uuidutils.generate_uuid()
|
||||||
|
cls.SNI2_secret_ref = uuidutils.generate_uuid()
|
||||||
|
elif getattr(CONF.service_available, 'barbican', False):
|
||||||
|
# Create a CA self-signed cert and key
|
||||||
|
cls.ca_cert, ca_key = cert_utils.generate_ca_cert_and_key()
|
||||||
|
|
||||||
|
LOG.debug('CA Cert: %s', cls.ca_cert.public_bytes(
|
||||||
|
serialization.Encoding.PEM))
|
||||||
|
LOG.debug('CA private Key: %s', ca_key.private_bytes(
|
||||||
|
encoding=serialization.Encoding.PEM,
|
||||||
|
format=serialization.PrivateFormat.TraditionalOpenSSL,
|
||||||
|
encryption_algorithm=serialization.NoEncryption()))
|
||||||
|
LOG.debug('CA public Key: %s', ca_key.public_key().public_bytes(
|
||||||
|
encoding=serialization.Encoding.PEM,
|
||||||
|
format=serialization.PublicFormat.SubjectPublicKeyInfo))
|
||||||
|
|
||||||
|
# Load the secret into the barbican service under the
|
||||||
|
# os_roles_lb_member tenant
|
||||||
|
cls.barbican_mgr = barbican_client_mgr.BarbicanClientManager(
|
||||||
|
cls.os_roles_lb_member)
|
||||||
|
|
||||||
|
# Create a server cert and key
|
||||||
|
# This will be used as the "default certificate" in SNI tests.
|
||||||
|
cls.server_uuid = uuidutils.generate_uuid()
|
||||||
|
LOG.debug('Server (default) UUID: %s', cls.server_uuid)
|
||||||
|
|
||||||
|
server_cert, server_key, cls.server_secret_ref = (
|
||||||
|
cls._generate_load_certificate(cls.barbican_mgr, cls.ca_cert,
|
||||||
|
ca_key, cls.server_uuid))
|
||||||
|
|
||||||
|
# Create the SNI1 cert and key
|
||||||
|
cls.SNI1_uuid = uuidutils.generate_uuid()
|
||||||
|
LOG.debug('SNI1 UUID: %s', cls.SNI1_uuid)
|
||||||
|
|
||||||
|
SNI1_cert, SNI1_key, cls.SNI1_secret_ref = (
|
||||||
|
cls._generate_load_certificate(cls.barbican_mgr, cls.ca_cert,
|
||||||
|
ca_key, cls.SNI1_uuid))
|
||||||
|
|
||||||
|
# Create the SNI2 cert and key
|
||||||
|
cls.SNI2_uuid = uuidutils.generate_uuid()
|
||||||
|
LOG.debug('SNI2 UUID: %s', cls.SNI2_uuid)
|
||||||
|
|
||||||
|
SNI2_cert, SNI2_key, cls.SNI2_secret_ref = (
|
||||||
|
cls._generate_load_certificate(cls.barbican_mgr, cls.ca_cert,
|
||||||
|
ca_key, cls.SNI2_uuid))
|
||||||
|
|
||||||
|
# Create the client authentication CA
|
||||||
|
cls.client_ca_cert, client_ca_key = (
|
||||||
|
cert_utils.generate_ca_cert_and_key())
|
||||||
|
|
||||||
|
cls.client_ca_cert_ref = cls._store_secret(
|
||||||
|
cls.barbican_mgr,
|
||||||
|
cls.client_ca_cert.public_bytes(serialization.Encoding.PEM))
|
||||||
|
|
||||||
|
# Create client cert and key
|
||||||
|
cls.client_cn = uuidutils.generate_uuid()
|
||||||
|
cls.client_cert, cls.client_key = (
|
||||||
|
cert_utils.generate_client_cert_and_key(
|
||||||
|
cls.client_ca_cert, client_ca_key, cls.client_cn))
|
||||||
|
|
||||||
|
# Create revoked client cert and key
|
||||||
|
cls.revoked_client_cn = uuidutils.generate_uuid()
|
||||||
|
cls.revoked_client_cert, cls.revoked_client_key = (
|
||||||
|
cert_utils.generate_client_cert_and_key(
|
||||||
|
cls.client_ca_cert, client_ca_key, cls.revoked_client_cn))
|
||||||
|
|
||||||
|
# Create certificate revocation list and revoke cert
|
||||||
|
cls.client_crl = cert_utils.generate_certificate_revocation_list(
|
||||||
|
cls.client_ca_cert, client_ca_key, cls.revoked_client_cert)
|
||||||
|
|
||||||
|
cls.client_crl_ref = cls._store_secret(
|
||||||
|
cls.barbican_mgr,
|
||||||
|
cls.client_crl.public_bytes(serialization.Encoding.PEM))
|
||||||
|
|
||||||
|
cls._load_pool_pki()
|
||||||
|
|
||||||
lb_name = data_utils.rand_name("lb_member_lb1_listener")
|
lb_name = data_utils.rand_name("lb_member_lb1_listener")
|
||||||
lb_kwargs = {const.PROVIDER: CONF.load_balancer.provider,
|
lb_kwargs = {const.PROVIDER: CONF.load_balancer.provider,
|
||||||
const.NAME: lb_name}
|
const.NAME: lb_name}
|
||||||
@ -93,6 +264,18 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
'on Octavia API version 2.25 or newer.')
|
'on Octavia API version 2.25 or newer.')
|
||||||
self._test_listener_create(const.PROMETHEUS, 8090)
|
self._test_listener_create(const.PROMETHEUS, 8090)
|
||||||
|
|
||||||
|
@decorators.idempotent_id('df9861c5-4a2a-4122-8d8f-5556156e343e')
|
||||||
|
@testtools.skipUnless(
|
||||||
|
CONF.loadbalancer_feature_enabled.terminated_tls_enabled,
|
||||||
|
'[loadbalancer-feature-enabled] "terminated_tls_enabled" is '
|
||||||
|
'False in the tempest configuration. TLS tests will be skipped.')
|
||||||
|
def test_terminated_https_listener_create(self):
|
||||||
|
if not self.should_apply_terminated_https():
|
||||||
|
raise self.skipException(
|
||||||
|
f'Listener API tests with {const.TERMINATED_HTTPS} protocol'
|
||||||
|
' require the either the barbican service,or running in noop.')
|
||||||
|
self._test_listener_create(const.TERMINATED_HTTPS, 8095)
|
||||||
|
|
||||||
@decorators.idempotent_id('7b53f336-47bc-45ae-bbd7-4342ef0673fc')
|
@decorators.idempotent_id('7b53f336-47bc-45ae-bbd7-4342ef0673fc')
|
||||||
def test_udp_listener_create(self):
|
def test_udp_listener_create(self):
|
||||||
self._test_listener_create(const.UDP, 8003)
|
self._test_listener_create(const.UDP, 8003)
|
||||||
@ -127,10 +310,6 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
# but this will allow us to test that the field isn't mandatory,
|
# but this will allow us to test that the field isn't mandatory,
|
||||||
# as well as not conflate pool failures with listener test failures
|
# as well as not conflate pool failures with listener test failures
|
||||||
# const.DEFAULT_POOL_ID: self.pool_id,
|
# const.DEFAULT_POOL_ID: self.pool_id,
|
||||||
|
|
||||||
# TODO(rm_work): need to add TLS related stuff
|
|
||||||
# const.DEFAULT_TLS_CONTAINER_REF: '',
|
|
||||||
# const.SNI_CONTAINER_REFS: [],
|
|
||||||
}
|
}
|
||||||
if protocol == const.HTTP:
|
if protocol == const.HTTP:
|
||||||
listener_kwargs[const.INSERT_HEADERS] = {
|
listener_kwargs[const.INSERT_HEADERS] = {
|
||||||
@ -138,6 +317,15 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
const.X_FORWARDED_PORT: "true",
|
const.X_FORWARDED_PORT: "true",
|
||||||
const.X_FORWARDED_PROTO: "true",
|
const.X_FORWARDED_PROTO: "true",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Add terminated_https args
|
||||||
|
if self.should_apply_terminated_https(protocol=protocol):
|
||||||
|
listener_kwargs.update({
|
||||||
|
const.DEFAULT_TLS_CONTAINER_REF: self.server_secret_ref,
|
||||||
|
const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
|
||||||
|
self.SNI2_secret_ref],
|
||||||
|
})
|
||||||
|
|
||||||
if self.mem_listener_client.is_version_supported(
|
if self.mem_listener_client.is_version_supported(
|
||||||
self.api_version, '2.1'):
|
self.api_version, '2.1'):
|
||||||
listener_kwargs.update({
|
listener_kwargs.update({
|
||||||
@ -239,6 +427,14 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
self.assertTrue(strutils.bool_from_string(
|
self.assertTrue(strutils.bool_from_string(
|
||||||
insert_headers[const.X_FORWARDED_PROTO]))
|
insert_headers[const.X_FORWARDED_PROTO]))
|
||||||
|
|
||||||
|
# Add terminated_https args
|
||||||
|
if self.should_apply_terminated_https(protocol=protocol):
|
||||||
|
self.assertEqual(self.server_secret_ref,
|
||||||
|
listener[const.DEFAULT_TLS_CONTAINER_REF])
|
||||||
|
self.assertEqual(sorted([self.SNI1_secret_ref,
|
||||||
|
self.SNI2_secret_ref]),
|
||||||
|
sorted(listener[const.SNI_CONTAINER_REFS]))
|
||||||
|
|
||||||
if self.mem_listener_client.is_version_supported(
|
if self.mem_listener_client.is_version_supported(
|
||||||
self.api_version, '2.5'):
|
self.api_version, '2.5'):
|
||||||
self.assertCountEqual(listener_kwargs[const.TAGS],
|
self.assertCountEqual(listener_kwargs[const.TAGS],
|
||||||
@ -272,6 +468,34 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
const.SCTP,
|
const.SCTP,
|
||||||
const.HTTPS, 8013)
|
const.HTTPS, 8013)
|
||||||
|
|
||||||
|
@decorators.idempotent_id('128dabd0-3a9b-4c11-9ef5-8d189a290f17')
|
||||||
|
@testtools.skipUnless(
|
||||||
|
CONF.loadbalancer_feature_enabled.terminated_tls_enabled,
|
||||||
|
'[loadbalancer-feature-enabled] "terminated_tls_enabled" is '
|
||||||
|
'False in the tempest configuration. TLS tests will be skipped.')
|
||||||
|
def test_http_udp_terminated_https_listener_create_on_same_port(self):
|
||||||
|
if not self.should_apply_terminated_https():
|
||||||
|
raise self.skipException(
|
||||||
|
f'Listener API tests with {const.TERMINATED_HTTPS} protocol'
|
||||||
|
' require the either the barbican service,or running in noop.')
|
||||||
|
self._test_listener_create_on_same_port(const.HTTP, const.UDP,
|
||||||
|
const.SCTP,
|
||||||
|
const.TERMINATED_HTTPS, 8014)
|
||||||
|
|
||||||
|
@decorators.idempotent_id('21da2598-c79e-4548-8fe0-b47749027010')
|
||||||
|
@testtools.skipUnless(
|
||||||
|
CONF.loadbalancer_feature_enabled.terminated_tls_enabled,
|
||||||
|
'[loadbalancer-feature-enabled] "terminated_tls_enabled" is '
|
||||||
|
'False in the tempest configuration. TLS tests will be skipped.')
|
||||||
|
def test_tcp_udp_terminated_https_listener_create_on_same_port(self):
|
||||||
|
if not self.should_apply_terminated_https():
|
||||||
|
raise self.skipException(
|
||||||
|
f'Listener API tests with {const.TERMINATED_HTTPS} protocol'
|
||||||
|
' require the either the barbican service,or running in noop.')
|
||||||
|
self._test_listener_create_on_same_port(const.TCP, const.UDP,
|
||||||
|
const.SCTP,
|
||||||
|
const.TERMINATED_HTTPS, 8015)
|
||||||
|
|
||||||
def _test_listener_create_on_same_port(self, protocol1, protocol2,
|
def _test_listener_create_on_same_port(self, protocol1, protocol2,
|
||||||
protocol3, protocol4,
|
protocol3, protocol4,
|
||||||
protocol_port):
|
protocol_port):
|
||||||
@ -431,6 +655,14 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
const.CONNECTION_LIMIT: 200,
|
const.CONNECTION_LIMIT: 200,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Add terminated_https args
|
||||||
|
if self.should_apply_terminated_https(protocol=protocol4):
|
||||||
|
listener5_kwargs.update({
|
||||||
|
const.DEFAULT_TLS_CONTAINER_REF: self.server_secret_ref,
|
||||||
|
const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
|
||||||
|
self.SNI2_secret_ref],
|
||||||
|
})
|
||||||
|
|
||||||
self.assertRaises(
|
self.assertRaises(
|
||||||
exceptions.Conflict,
|
exceptions.Conflict,
|
||||||
self.mem_listener_client.create_listener,
|
self.mem_listener_client.create_listener,
|
||||||
@ -467,6 +699,18 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
def test_sctp_listener_list(self):
|
def test_sctp_listener_list(self):
|
||||||
self._test_listener_list(const.SCTP, 8041)
|
self._test_listener_list(const.SCTP, 8041)
|
||||||
|
|
||||||
|
@decorators.idempotent_id('aed69f58-fe69-401d-bf07-37b0d6d8437f')
|
||||||
|
@testtools.skipUnless(
|
||||||
|
CONF.loadbalancer_feature_enabled.terminated_tls_enabled,
|
||||||
|
'[loadbalancer-feature-enabled] "terminated_tls_enabled" is '
|
||||||
|
'False in the tempest configuration. TLS tests will be skipped.')
|
||||||
|
def test_terminated_https_listener_list(self):
|
||||||
|
if not self.should_apply_terminated_https():
|
||||||
|
raise self.skipException(
|
||||||
|
f'Listener API tests with {const.TERMINATED_HTTPS} protocol'
|
||||||
|
' require the either the barbican service,or running in noop.')
|
||||||
|
self._test_listener_list(const.TERMINATED_HTTPS, 8042)
|
||||||
|
|
||||||
def _test_listener_list(self, protocol, protocol_port_base):
|
def _test_listener_list(self, protocol, protocol_port_base):
|
||||||
"""Tests listener list API and field filtering.
|
"""Tests listener list API and field filtering.
|
||||||
|
|
||||||
@ -518,6 +762,14 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
"Marketing", "Creativity"]
|
"Marketing", "Creativity"]
|
||||||
listener1_kwargs.update({const.TAGS: listener1_tags})
|
listener1_kwargs.update({const.TAGS: listener1_tags})
|
||||||
|
|
||||||
|
# Add terminated_https args
|
||||||
|
if self.should_apply_terminated_https(protocol=protocol):
|
||||||
|
listener1_kwargs.update({
|
||||||
|
const.DEFAULT_TLS_CONTAINER_REF: self.server_secret_ref,
|
||||||
|
const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
|
||||||
|
self.SNI2_secret_ref],
|
||||||
|
})
|
||||||
|
|
||||||
listener1 = self.mem_listener_client.create_listener(
|
listener1 = self.mem_listener_client.create_listener(
|
||||||
**listener1_kwargs)
|
**listener1_kwargs)
|
||||||
self.addCleanup(
|
self.addCleanup(
|
||||||
@ -557,6 +809,14 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
"Soft_skills", "Creativity"]
|
"Soft_skills", "Creativity"]
|
||||||
listener2_kwargs.update({const.TAGS: listener2_tags})
|
listener2_kwargs.update({const.TAGS: listener2_tags})
|
||||||
|
|
||||||
|
# Add terminated_https args
|
||||||
|
if self.should_apply_terminated_https(protocol=protocol):
|
||||||
|
listener2_kwargs.update({
|
||||||
|
const.DEFAULT_TLS_CONTAINER_REF: self.server_secret_ref,
|
||||||
|
const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
|
||||||
|
self.SNI2_secret_ref],
|
||||||
|
})
|
||||||
|
|
||||||
listener2 = self.mem_listener_client.create_listener(
|
listener2 = self.mem_listener_client.create_listener(
|
||||||
**listener2_kwargs)
|
**listener2_kwargs)
|
||||||
self.addCleanup(
|
self.addCleanup(
|
||||||
@ -596,6 +856,14 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
"Communication", "Creativity"]
|
"Communication", "Creativity"]
|
||||||
listener3_kwargs.update({const.TAGS: listener3_tags})
|
listener3_kwargs.update({const.TAGS: listener3_tags})
|
||||||
|
|
||||||
|
# Add terminated_https args
|
||||||
|
if self.should_apply_terminated_https(protocol=protocol):
|
||||||
|
listener3_kwargs.update({
|
||||||
|
const.DEFAULT_TLS_CONTAINER_REF: self.server_secret_ref,
|
||||||
|
const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
|
||||||
|
self.SNI2_secret_ref],
|
||||||
|
})
|
||||||
|
|
||||||
listener3 = self.mem_listener_client.create_listener(
|
listener3 = self.mem_listener_client.create_listener(
|
||||||
**listener3_kwargs)
|
**listener3_kwargs)
|
||||||
self.addCleanup(
|
self.addCleanup(
|
||||||
@ -845,6 +1113,18 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
def test_sctp_listener_show(self):
|
def test_sctp_listener_show(self):
|
||||||
self._test_listener_show(const.SCTP, 8054)
|
self._test_listener_show(const.SCTP, 8054)
|
||||||
|
|
||||||
|
@decorators.idempotent_id('2c2e7146-0efc-44b6-8401-f1c69c2422fe')
|
||||||
|
@testtools.skipUnless(
|
||||||
|
CONF.loadbalancer_feature_enabled.terminated_tls_enabled,
|
||||||
|
'[loadbalancer-feature-enabled] "terminated_tls_enabled" is '
|
||||||
|
'False in the tempest configuration. TLS tests will be skipped.')
|
||||||
|
def test_terminated_https_listener_show(self):
|
||||||
|
if not self.should_apply_terminated_https():
|
||||||
|
raise self.skipException(
|
||||||
|
f'Listener API tests with {const.TERMINATED_HTTPS} protocol'
|
||||||
|
' require the either the barbican service,or running in noop.')
|
||||||
|
self._test_listener_show(const.TERMINATED_HTTPS, 8055)
|
||||||
|
|
||||||
def _test_listener_show(self, protocol, protocol_port):
|
def _test_listener_show(self, protocol, protocol_port):
|
||||||
"""Tests listener show API.
|
"""Tests listener show API.
|
||||||
|
|
||||||
@ -866,10 +1146,7 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
const.PROTOCOL_PORT: protocol_port,
|
const.PROTOCOL_PORT: protocol_port,
|
||||||
const.LOADBALANCER_ID: self.lb_id,
|
const.LOADBALANCER_ID: self.lb_id,
|
||||||
const.CONNECTION_LIMIT: 200,
|
const.CONNECTION_LIMIT: 200,
|
||||||
# TODO(rm_work): need to finish the rest of this stuff
|
|
||||||
# const.DEFAULT_POOL_ID: '',
|
# const.DEFAULT_POOL_ID: '',
|
||||||
# const.DEFAULT_TLS_CONTAINER_REF: '',
|
|
||||||
# const.SNI_CONTAINER_REFS: [],
|
|
||||||
}
|
}
|
||||||
if protocol == const.HTTP:
|
if protocol == const.HTTP:
|
||||||
listener_kwargs[const.INSERT_HEADERS] = {
|
listener_kwargs[const.INSERT_HEADERS] = {
|
||||||
@ -878,6 +1155,14 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
const.X_FORWARDED_PROTO: "true",
|
const.X_FORWARDED_PROTO: "true",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Add terminated_https args
|
||||||
|
if self.should_apply_terminated_https(protocol=protocol):
|
||||||
|
listener_kwargs.update({
|
||||||
|
const.DEFAULT_TLS_CONTAINER_REF: self.server_secret_ref,
|
||||||
|
const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
|
||||||
|
self.SNI2_secret_ref],
|
||||||
|
})
|
||||||
|
|
||||||
if self.mem_listener_client.is_version_supported(
|
if self.mem_listener_client.is_version_supported(
|
||||||
self.api_version, '2.1'):
|
self.api_version, '2.1'):
|
||||||
listener_kwargs.update({
|
listener_kwargs.update({
|
||||||
@ -947,6 +1232,14 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
self.assertTrue(strutils.bool_from_string(
|
self.assertTrue(strutils.bool_from_string(
|
||||||
insert_headers[const.X_FORWARDED_PROTO]))
|
insert_headers[const.X_FORWARDED_PROTO]))
|
||||||
|
|
||||||
|
# Add terminated_https args
|
||||||
|
if self.should_apply_terminated_https(protocol=protocol):
|
||||||
|
self.assertEqual(self.server_secret_ref,
|
||||||
|
listener[const.DEFAULT_TLS_CONTAINER_REF])
|
||||||
|
self.assertEqual(sorted([self.SNI1_secret_ref,
|
||||||
|
self.SNI2_secret_ref]),
|
||||||
|
sorted(listener[const.SNI_CONTAINER_REFS]))
|
||||||
|
|
||||||
parser.parse(listener[const.CREATED_AT])
|
parser.parse(listener[const.CREATED_AT])
|
||||||
parser.parse(listener[const.UPDATED_AT])
|
parser.parse(listener[const.UPDATED_AT])
|
||||||
UUID(listener[const.ID])
|
UUID(listener[const.ID])
|
||||||
@ -1010,6 +1303,18 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
def test_sctp_listener_update(self):
|
def test_sctp_listener_update(self):
|
||||||
self._test_listener_update(const.SCTP, 8064)
|
self._test_listener_update(const.SCTP, 8064)
|
||||||
|
|
||||||
|
@decorators.idempotent_id('2ae08e10-fbf8-46d8-a073-15f90454d718')
|
||||||
|
@testtools.skipUnless(
|
||||||
|
CONF.loadbalancer_feature_enabled.terminated_tls_enabled,
|
||||||
|
'[loadbalancer-feature-enabled] "terminated_tls_enabled" is '
|
||||||
|
'False in the tempest configuration. TLS tests will be skipped.')
|
||||||
|
def test_terminated_https_listener_update(self):
|
||||||
|
if not self.should_apply_terminated_https():
|
||||||
|
raise self.skipException(
|
||||||
|
f'Listener API tests with {const.TERMINATED_HTTPS} protocol'
|
||||||
|
' require the either the barbican service,or running in noop.')
|
||||||
|
self._test_listener_update(const.TERMINATED_HTTPS, 8065)
|
||||||
|
|
||||||
def _test_listener_update(self, protocol, protocol_port):
|
def _test_listener_update(self, protocol, protocol_port):
|
||||||
"""Tests listener update and show APIs.
|
"""Tests listener update and show APIs.
|
||||||
|
|
||||||
@ -1034,10 +1339,7 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
const.PROTOCOL_PORT: protocol_port,
|
const.PROTOCOL_PORT: protocol_port,
|
||||||
const.LOADBALANCER_ID: self.lb_id,
|
const.LOADBALANCER_ID: self.lb_id,
|
||||||
const.CONNECTION_LIMIT: 200,
|
const.CONNECTION_LIMIT: 200,
|
||||||
# TODO(rm_work): need to finish the rest of this stuff
|
|
||||||
# const.DEFAULT_POOL_ID: '',
|
# const.DEFAULT_POOL_ID: '',
|
||||||
# const.DEFAULT_TLS_CONTAINER_REF: '',
|
|
||||||
# const.SNI_CONTAINER_REFS: [],
|
|
||||||
}
|
}
|
||||||
if protocol == const.HTTP:
|
if protocol == const.HTTP:
|
||||||
listener_kwargs[const.INSERT_HEADERS] = {
|
listener_kwargs[const.INSERT_HEADERS] = {
|
||||||
@ -1046,6 +1348,14 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
const.X_FORWARDED_PROTO: "true"
|
const.X_FORWARDED_PROTO: "true"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Add terminated_https args
|
||||||
|
if self.should_apply_terminated_https(protocol=protocol):
|
||||||
|
listener_kwargs.update({
|
||||||
|
const.DEFAULT_TLS_CONTAINER_REF: self.server_secret_ref,
|
||||||
|
const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
|
||||||
|
self.SNI2_secret_ref],
|
||||||
|
})
|
||||||
|
|
||||||
if self.mem_listener_client.is_version_supported(
|
if self.mem_listener_client.is_version_supported(
|
||||||
self.api_version, '2.1'):
|
self.api_version, '2.1'):
|
||||||
listener_kwargs.update({
|
listener_kwargs.update({
|
||||||
@ -1099,6 +1409,13 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
insert_headers[const.X_FORWARDED_PORT]))
|
insert_headers[const.X_FORWARDED_PORT]))
|
||||||
self.assertTrue(strutils.bool_from_string(
|
self.assertTrue(strutils.bool_from_string(
|
||||||
insert_headers[const.X_FORWARDED_PROTO]))
|
insert_headers[const.X_FORWARDED_PROTO]))
|
||||||
|
# Add terminated_https args
|
||||||
|
if self.should_apply_terminated_https(protocol=protocol):
|
||||||
|
self.assertEqual(self.server_secret_ref,
|
||||||
|
listener[const.DEFAULT_TLS_CONTAINER_REF])
|
||||||
|
self.assertEqual(sorted([self.SNI1_secret_ref,
|
||||||
|
self.SNI2_secret_ref]),
|
||||||
|
sorted(listener[const.SNI_CONTAINER_REFS]))
|
||||||
if self.mem_listener_client.is_version_supported(
|
if self.mem_listener_client.is_version_supported(
|
||||||
self.api_version, '2.1'):
|
self.api_version, '2.1'):
|
||||||
self.assertEqual(1000, listener[const.TIMEOUT_CLIENT_DATA])
|
self.assertEqual(1000, listener[const.TIMEOUT_CLIENT_DATA])
|
||||||
@ -1145,8 +1462,6 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
const.CONNECTION_LIMIT: 400,
|
const.CONNECTION_LIMIT: 400,
|
||||||
# TODO(rm_work): need to finish the rest of this stuff
|
# TODO(rm_work): need to finish the rest of this stuff
|
||||||
# const.DEFAULT_POOL_ID: '',
|
# const.DEFAULT_POOL_ID: '',
|
||||||
# const.DEFAULT_TLS_CONTAINER_REF: '',
|
|
||||||
# const.SNI_CONTAINER_REFS: [],
|
|
||||||
}
|
}
|
||||||
if protocol == const.HTTP:
|
if protocol == const.HTTP:
|
||||||
listener_update_kwargs[const.INSERT_HEADERS] = {
|
listener_update_kwargs[const.INSERT_HEADERS] = {
|
||||||
@ -1154,6 +1469,13 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
const.X_FORWARDED_PORT: "false",
|
const.X_FORWARDED_PORT: "false",
|
||||||
const.X_FORWARDED_PROTO: "false"
|
const.X_FORWARDED_PROTO: "false"
|
||||||
}
|
}
|
||||||
|
# Add terminated_https args
|
||||||
|
if self.should_apply_terminated_https(protocol=protocol):
|
||||||
|
listener_update_kwargs.update({
|
||||||
|
const.DEFAULT_TLS_CONTAINER_REF: self.SNI2_secret_ref,
|
||||||
|
const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
|
||||||
|
self.server_secret_ref],
|
||||||
|
})
|
||||||
if self.mem_listener_client.is_version_supported(
|
if self.mem_listener_client.is_version_supported(
|
||||||
self.api_version, '2.1'):
|
self.api_version, '2.1'):
|
||||||
listener_update_kwargs.update({
|
listener_update_kwargs.update({
|
||||||
@ -1224,6 +1546,13 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
insert_headers[const.X_FORWARDED_PORT]))
|
insert_headers[const.X_FORWARDED_PORT]))
|
||||||
self.assertFalse(strutils.bool_from_string(
|
self.assertFalse(strutils.bool_from_string(
|
||||||
insert_headers[const.X_FORWARDED_PROTO]))
|
insert_headers[const.X_FORWARDED_PROTO]))
|
||||||
|
# Add terminated_https args
|
||||||
|
if self.should_apply_terminated_https(protocol=protocol):
|
||||||
|
self.assertEqual(self.SNI2_secret_ref,
|
||||||
|
listener[const.DEFAULT_TLS_CONTAINER_REF])
|
||||||
|
self.assertEqual(sorted([self.SNI1_secret_ref,
|
||||||
|
self.server_secret_ref]),
|
||||||
|
sorted(listener[const.SNI_CONTAINER_REFS]))
|
||||||
if self.mem_listener_client.is_version_supported(
|
if self.mem_listener_client.is_version_supported(
|
||||||
self.api_version, '2.1'):
|
self.api_version, '2.1'):
|
||||||
self.assertEqual(2000, listener[const.TIMEOUT_CLIENT_DATA])
|
self.assertEqual(2000, listener[const.TIMEOUT_CLIENT_DATA])
|
||||||
@ -1274,6 +1603,18 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
def test_sctp_listener_delete(self):
|
def test_sctp_listener_delete(self):
|
||||||
self._test_listener_delete(const.SCTP, 8074)
|
self._test_listener_delete(const.SCTP, 8074)
|
||||||
|
|
||||||
|
@decorators.idempotent_id('ef357dcc-c9a0-40fe-a15c-b368f15d7187')
|
||||||
|
@testtools.skipUnless(
|
||||||
|
CONF.loadbalancer_feature_enabled.terminated_tls_enabled,
|
||||||
|
'[loadbalancer-feature-enabled] "terminated_tls_enabled" is '
|
||||||
|
'False in the tempest configuration. TLS tests will be skipped.')
|
||||||
|
def test_terminated_https_listener_delete(self):
|
||||||
|
if not self.should_apply_terminated_https():
|
||||||
|
raise self.skipException(
|
||||||
|
f'Listener API tests with {const.TERMINATED_HTTPS} protocol'
|
||||||
|
' require the either the barbican service,or running in noop.')
|
||||||
|
self._test_listener_delete(const.TERMINATED_HTTPS, 8075)
|
||||||
|
|
||||||
def _test_listener_delete(self, protocol, protocol_port):
|
def _test_listener_delete(self, protocol, protocol_port):
|
||||||
"""Tests listener create and delete APIs.
|
"""Tests listener create and delete APIs.
|
||||||
|
|
||||||
@ -1292,6 +1633,15 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
const.PROTOCOL_PORT: protocol_port,
|
const.PROTOCOL_PORT: protocol_port,
|
||||||
const.LOADBALANCER_ID: self.lb_id,
|
const.LOADBALANCER_ID: self.lb_id,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Add terminated_https args
|
||||||
|
if self.should_apply_terminated_https(protocol=protocol):
|
||||||
|
listener_kwargs.update({
|
||||||
|
const.DEFAULT_TLS_CONTAINER_REF: self.server_secret_ref,
|
||||||
|
const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
|
||||||
|
self.SNI2_secret_ref],
|
||||||
|
})
|
||||||
|
|
||||||
listener = self.mem_listener_client.create_listener(**listener_kwargs)
|
listener = self.mem_listener_client.create_listener(**listener_kwargs)
|
||||||
|
|
||||||
waiters.wait_for_status(
|
waiters.wait_for_status(
|
||||||
@ -1355,6 +1705,18 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
def test_sctp_listener_show_stats(self):
|
def test_sctp_listener_show_stats(self):
|
||||||
self._test_listener_show_stats(const.SCTP, 8084)
|
self._test_listener_show_stats(const.SCTP, 8084)
|
||||||
|
|
||||||
|
@decorators.idempotent_id('c39c996f-9633-4d81-a5f1-e94643f0c650')
|
||||||
|
@testtools.skipUnless(
|
||||||
|
CONF.loadbalancer_feature_enabled.terminated_tls_enabled,
|
||||||
|
'[loadbalancer-feature-enabled] "terminated_tls_enabled" is '
|
||||||
|
'False in the tempest configuration. TLS tests will be skipped.')
|
||||||
|
def test_terminated_https_listener_show_stats(self):
|
||||||
|
if not self.should_apply_terminated_https():
|
||||||
|
raise self.skipException(
|
||||||
|
f'Listener API tests with {const.TERMINATED_HTTPS} protocol'
|
||||||
|
' require the either the barbican service,or running in noop.')
|
||||||
|
self._test_listener_show_stats(const.TERMINATED_HTTPS, 8085)
|
||||||
|
|
||||||
def _test_listener_show_stats(self, protocol, protocol_port):
|
def _test_listener_show_stats(self, protocol, protocol_port):
|
||||||
"""Tests listener show statistics API.
|
"""Tests listener show statistics API.
|
||||||
|
|
||||||
@ -1379,6 +1741,14 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||||||
const.CONNECTION_LIMIT: 200,
|
const.CONNECTION_LIMIT: 200,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Add terminated_https args
|
||||||
|
if self.should_apply_terminated_https(protocol=protocol):
|
||||||
|
listener_kwargs.update({
|
||||||
|
const.DEFAULT_TLS_CONTAINER_REF: self.server_secret_ref,
|
||||||
|
const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
|
||||||
|
self.SNI2_secret_ref],
|
||||||
|
})
|
||||||
|
|
||||||
listener = self.mem_listener_client.create_listener(**listener_kwargs)
|
listener = self.mem_listener_client.create_listener(**listener_kwargs)
|
||||||
self.addCleanup(
|
self.addCleanup(
|
||||||
self.mem_listener_client.cleanup_listener,
|
self.mem_listener_client.cleanup_listener,
|
||||||
|
@ -504,6 +504,8 @@
|
|||||||
enabled: True
|
enabled: True
|
||||||
audit_middleware_notifications:
|
audit_middleware_notifications:
|
||||||
driver: log
|
driver: log
|
||||||
|
certificates:
|
||||||
|
cert_manager: noop_cert_manager
|
||||||
tempest_concurrency: 4
|
tempest_concurrency: 4
|
||||||
tempest_test_regex: ^octavia_tempest_plugin.tests.api.v2
|
tempest_test_regex: ^octavia_tempest_plugin.tests.api.v2
|
||||||
tox_envlist: all
|
tox_envlist: all
|
||||||
|
Loading…
Reference in New Issue
Block a user