functional tests: add golang tests for client TLS cert handling

Signed-off-by: John Mulligan <jmulligan@redhat.com>
heketi · Jun 4, 2018 · da761a7 · da761a7
1 parent 2ee8696
commit da761a7
Show file tree

Hide file tree

Showing 3 changed files with 240 additions and 1 deletion.
diff --git a/tests/functional/TestEnabledTLS/client_tls_test/client_tls_test.go b/tests/functional/TestEnabledTLS/client_tls_test/client_tls_test.go
@@ -0,0 +1,118 @@
+// +build functional
+
+//
+// Copyright (c) 2018 The heketi Authors
+//
+// This file is licensed to you under your choice of the GNU Lesser
+// General Public License, version 3 or any later version (LGPLv3 or
+// later), as published by the Free Software Foundation,
+// or under the Apache License, Version 2.0 <LICENSE-APACHE2 or
+// http://www.apache.org/licenses/LICENSE-2.0>.
+//
+// You may not use this file except in compliance with those terms.
+//
+
+package client_tls_test
+
+import (
+	"testing"
+
+	client "github.com/heketi/heketi/client/api/go-client"
+	"github.com/heketi/heketi/pkg/glusterfs/api"
+
+	"github.com/heketi/tests"
+)
+
+var (
+	URL      = "https://localhost:8080"
+	User     = "abc"
+	Key      = "xyz"
+	CertPath = "../heketi.crt"
+)
+
+func TestCreateClusterTLSCert(t *testing.T) {
+	heketiServer := NewServerCtlFromEnv("..")
+	err := heketiServer.Start()
+	tests.Assert(t, err == nil, "expected err == nil, got:", err)
+	defer heketiServer.Stop()
+
+	heketi, err := client.NewClientTLS(URL, User, Key, &client.ClientTLSOptions{
+		VerifyCerts: []string{CertPath},
+	})
+	tests.Assert(t, err == nil, "expected err == nil, got:", err)
+	tests.Assert(t, heketi != nil, "expected heketi != nil, got:", heketi)
+
+	testClientActions(t, heketi)
+}
+
+func TestCreateClusterTLSNoVerify(t *testing.T) {
+	heketiServer := NewServerCtlFromEnv("..")
+	err := heketiServer.Start()
+	tests.Assert(t, err == nil, "expected err == nil, got:", err)
+	defer heketiServer.Stop()
+
+	heketi, err := client.NewClientTLS(URL, User, Key, &client.ClientTLSOptions{
+		InsecureSkipVerify: true,
+	})
+	tests.Assert(t, err == nil, "expected err == nil, got:", err)
+	tests.Assert(t, heketi != nil, "expected heketi != nil, got:", heketi)
+
+	testClientActions(t, heketi)
+}
+
+// This test checks that the client fails when the server is using
+// a self signed cert and none of the options needed for it
+// are provided.
+func TestClientFailUnknownAuthority(t *testing.T) {
+	heketiServer := NewServerCtlFromEnv("..")
+	err := heketiServer.Start()
+	tests.Assert(t, err == nil, "expected err == nil, got:", err)
+	defer heketiServer.Stop()
+
+	heketi, err := client.NewClientTLS(URL, User, Key, &client.ClientTLSOptions{})
+	tests.Assert(t, err == nil, "expected err == nil, got:", err)
+	tests.Assert(t, heketi != nil, "expected heketi != nil, got:", heketi)
+
+	clusterReq := &api.ClusterCreateRequest{
+		ClusterFlags: api.ClusterFlags{
+			Block: true,
+			File:  true,
+		},
+	}
+	_, err = heketi.ClusterCreate(clusterReq)
+	tests.Assert(t, err != nil, "expected err != nil, got:", err)
+}
+
+func testClientActions(t *testing.T, heketi *client.Client) {
+	clusterReq := &api.ClusterCreateRequest{
+		ClusterFlags: api.ClusterFlags{
+			Block: true,
+			File:  true,
+		},
+	}
+	cluster, err := heketi.ClusterCreate(clusterReq)
+	tests.Assert(t, err == nil, "expected err == nil, got:", err)
+	tests.Assert(t, cluster.Id != "", `expected cluster.Id != "", got ""`)
+
+	nodeReq := &api.NodeAddRequest{}
+	nodeReq.ClusterId = cluster.Id
+	nodeReq.Hostnames.Manage = []string{"foo"}
+	nodeReq.Hostnames.Storage = []string{"foo"}
+	nodeReq.Zone = 1
+	node, err := heketi.NodeAdd(nodeReq)
+	tests.Assert(t, err == nil, "expected err == nil, got:", err)
+	tests.Assert(t, node.Id != "", `expected node.Id != "", got ""`)
+
+	clusters, err := heketi.ClusterList()
+	tests.Assert(t, err == nil, err)
+	tests.Assert(t, len(clusters.Clusters) == 1,
+		"expected len(clusters.Clusters) == 1, got:", len(clusters.Clusters))
+
+	clusterInfo, err := heketi.ClusterInfo(clusters.Clusters[0])
+	tests.Assert(t, err == nil, "expected err == nil, got:", err)
+	tests.Assert(t, len(clusterInfo.Nodes) == 1,
+		"expected len(clusterInfo.Nodes) == 1, got:", len(clusterInfo.Nodes))
+	tests.Assert(t, clusterInfo.Nodes[0] == node.Id,
+		"expected clusterInfo.Nodes[0] == node.Id, got:",
+		clusterInfo.Nodes[0] == node.Id)
+}
diff --git a/tests/functional/TestEnabledTLS/client_tls_test/serverctl_test.go b/tests/functional/TestEnabledTLS/client_tls_test/serverctl_test.go
@@ -0,0 +1,103 @@
+// +build functional
+
+//
+// Copyright (c) 2018 The heketi Authors
+//
+// This file is licensed to you under your choice of the GNU Lesser
+// General Public License, version 3 or any later version (LGPLv3 or
+// later), as published by the Free Software Foundation,
+// or under the Apache License, Version 2.0 <LICENSE-APACHE2 or
+// http://www.apache.org/licenses/LICENSE-2.0>.
+//
+// You may not use this file except in compliance with those terms.
+//
+
+package client_tls_test
+
+import (
+	"errors"
+	"os"
+	"os/exec"
+	"path"
+	"syscall"
+	"time"
+)
+
+type ServerCtl struct {
+	serverDir string
+	heketiBin string
+	logPath   string
+	dbPath    string
+	keepDB    bool
+	// the real stuff
+	cmd       *exec.Cmd
+	cmdExited bool
+	cmdErr    error
+	logF      *os.File
+}
+
+func getEnvValue(k, val string) string {
+	if v := os.Getenv(k); v != "" {
+		return v
+	}
+	return val
+}
+
+func NewServerCtlFromEnv(dir string) *ServerCtl {
+	return &ServerCtl{
+		serverDir: getEnvValue("HEKETI_SERVER_DIR", dir),
+		heketiBin: getEnvValue("HEKETI_SERVER", "./heketi-server"),
+		logPath:   getEnvValue("HEKETI_LOG", "./heketi.log"),
+		dbPath:    getEnvValue("HEKETI_DB_PATH", "./heketi.db"),
+	}
+}
+
+func (s *ServerCtl) Start() error {
+	if !s.keepDB {
+		// do not preserve the heketi db between server instances
+		os.Remove(path.Join(s.serverDir, s.dbPath))
+	}
+	f, err := os.OpenFile(s.logPath, os.O_TRUNC|os.O_CREATE|os.O_RDWR, 0644)
+	if err != nil {
+		return err
+	}
+	s.logF = f
+	s.cmd = exec.Command(s.heketiBin, "--config=heketi.json")
+	s.cmd.Dir = s.serverDir
+	s.cmd.Stdout = f
+	s.cmd.Stderr = f
+	if err := s.cmd.Start(); err != nil {
+		return err
+	}
+	go func() {
+		s.cmdErr = s.cmd.Wait()
+		s.cmdExited = true
+	}()
+	time.Sleep(300 * time.Millisecond)
+	if !s.IsAlive() {
+		return errors.New("server exited early")
+	}
+	// dump some logs if heketi fails to start?
+	return nil
+}
+
+func (s *ServerCtl) IsAlive() bool {
+	if err := s.cmd.Process.Signal(syscall.Signal(0)); err != nil {
+		return false
+	}
+	return true
+}
+
+func (s *ServerCtl) Stop() error {
+	if err := s.cmd.Process.Signal(os.Interrupt); err != nil {
+		return err
+	}
+	time.Sleep(100 * time.Millisecond)
+	if !s.cmdExited {
+		if err := s.cmd.Process.Kill(); err != nil {
+			return err
+		}
+	}
+	s.logF.Close()
+	return nil
+}
diff --git a/tests/functional/TestEnabledTLS/run.sh b/tests/functional/TestEnabledTLS/run.sh
@@ -36,10 +36,28 @@ if ! command -v virtualenv &>/dev/null; then
     exit 0
 fi
 
+failures=()
+
 rm -rf .env
 export PYTHONPATH="$PYTHONPATH:$HEKETI_DIR/client/api/python"
 virtualenv .env
 . .env/bin/activate
 pip install -r "$HEKETI_DIR/client/api/python/requirements.txt"
+
 echo '----> Running test_tls.py'
-exec python test_tls.py -v "$@"
+python test_tls.py -v "$@"
+if [[ $? -ne 0 ]]; then
+    failures+=(test_tls.py)
+fi
+
+echo '----> Running client_tls_test'
+go test ./client_tls_test -v -tags functional
+if [[ $? -ne 0 ]]; then
+    failures+=(client_tls_test)
+fi
+
+if [[ "${#failures[@]}" -gt 0 ]]; then
+    echo "--- FAILED:" "${failures[@]}"
+    exit 1
+fi
+exit 0