Workaround: allow for temporary connection failures (need investigation)
kgiusti committed Sep 6, 2024
1 parent 8037cdb commit 98998c1
Showing 1 changed file with 53 additions and 34 deletions.
87 changes: 53 additions & 34 deletions tests/system_tests_tcp_adaptor_tls.py
Expand Up @@ -17,6 +17,7 @@
# under the License.
#
import os
from time import sleep
from system_test import unittest, TestCase, Qdrouterd, NcatException, Logger, Process, run_curl, \
CA_CERT, CLIENT_CERTIFICATE, CLIENT_PRIVATE_KEY, CLIENT_PRIVATE_KEY_PASSWORD, \
SERVER_CERTIFICATE, SERVER_PRIVATE_KEY, SERVER_PRIVATE_KEY_PASSWORD, SERVER_PRIVATE_KEY_NO_PASS, BAD_CA_CERT, \
Expand All @@ -26,6 +27,7 @@
from system_test import SERVER2_CERTIFICATE, SERVER2_PRIVATE_KEY, SERVER2_PRIVATE_KEY_PASSWORD
from system_test import SSL_PROFILE_TYPE
from system_test import is_pattern_present
from system_test import retry
from system_tests_ssl import RouterTestSslBase
from system_tests_tcp_adaptor import TcpAdaptorBase, CommonTcpTests, ncat_available
from http1_tests import wait_tcp_listeners_up
Expand Down Expand Up @@ -839,15 +841,41 @@ def test_ssl_profile_update(self):
client_ssl_info['CLIENT_PRIVATE_KEY'] = CLIENT_PRIVATE_KEY
client_ssl_info['CLIENT_PRIVATE_KEY_PASSWORD'] = CLIENT_PRIVATE_KEY_PASSWORD

out, error = self.opensslclient(port=self.router_listener_port,
ssl_info=client_ssl_info,
data=b"Sanity Check the Configuration!" + payload,
cl_args=['-verify', '10',
'-verify_return_error'])
self.assertIn(b"Verification: OK", out, f"{error}")
self.assertIn(b"Verify return code: 0 (ok)", out, f"{error}")

openssl_server.wait_out_message("Sanity Check the Configuration!")
def ping(self, client_ssl_info, pattern, server_logpath):
# Helper routine: try to create a TLS connection across the
# routers, return True if successful
try:
out, error = self.opensslclient(port=self.router_listener_port,
ssl_info=client_ssl_info,
data=pattern.encode() + payload,
cl_args=['-verify', '10',
'-verify_return_error'])
except Exception as exc:
print(f"s_client failed: '{exc}'", flush=True)
return False
if b"Verification: OK" not in out:
print(f"s_client failed: '{error}'", flush=True)
return False
if b"Verify return code: 0 (ok)" not in out:
print(f"s_client failed: '{error}'", flush=True)
return False

# compensate for the slight delay where the server flushes to the
# log - not critical because we retry on failure
sleep(0.25)
with open(server_logpath, 'rt') as log_file:
if not is_pattern_present(log_file, pattern):
print(f"Server pattern not found: '{pattern}'", flush=True)
return False
return True

# Check the initial configuration

self.assertTrue(retry(lambda ssl_info=client_ssl_info,
data="Sanity Check the Configuration",
path=openssl_server.outfile_path:
ping(self, ssl_info, data, path),
timeout=10.0, delay=0.5))

#
# Attempt to update the listener-side sslProfile with the wrong
Expand All @@ -874,15 +902,11 @@ def test_ssl_profile_update(self):
out = skmgr_a.read(name='listener-ssl-profile')
self.assertEqual(SERVER_PRIVATE_KEY_PASSWORD, out['password'])

out, error = self.opensslclient(port=self.router_listener_port,
ssl_info=client_ssl_info,
data=b"Hey password is good!" + payload,
cl_args=['-verify', '10',
'-verify_return_error'])
self.assertIn(b"Verification: OK", out, f"{error}")
self.assertIn(b"Verify return code: 0 (ok)", out, f"{error}")

openssl_server.wait_out_message("Hey password is good!")
self.assertTrue(retry(lambda ssl_info=client_ssl_info,
data="Hey password is good!",
path=openssl_server.outfile_path:
ping(self, ssl_info, data, path),
timeout=10.0, delay=0.5))

#
# Now update the listener sslProfile with a valid config, but one that
Expand Down Expand Up @@ -912,15 +936,12 @@ def test_ssl_profile_update(self):
client_ssl_info['CLIENT_CERTIFICATE'] = CLIENT2_CERTIFICATE
client_ssl_info['CLIENT_PRIVATE_KEY'] = CLIENT2_PRIVATE_KEY
client_ssl_info['CLIENT_PRIVATE_KEY_PASSWORD'] = CLIENT2_PRIVATE_KEY_PASSWORD
out, error = self.opensslclient(port=self.router_listener_port,
ssl_info=client_ssl_info,
data=b"Hey we recovered!" + payload,
cl_args=['-verify', '10',
'-verify_return_error'])
self.assertIn(b"Verification: OK", out, f"{error}")
self.assertIn(b"Verify return code: 0 (ok)", out, f"{error}")

openssl_server.wait_out_message("Hey we recovered!")
self.assertTrue(retry(lambda ssl_info=client_ssl_info,
data="Hey we recovered!",
path=openssl_server.outfile_path:
ping(self, ssl_info, data, path),
timeout=10.0, delay=0.5))

#
# Test updates on the connector sslProfile
Expand Down Expand Up @@ -964,11 +985,9 @@ def test_ssl_profile_update(self):
'password': CLIENT2_PRIVATE_KEY_PASSWORD}
skmgr_b = self.router_qdrb.sk_manager
skmgr_b.update(SSL_PROFILE_TYPE, new_cfg, name='connector-ssl-profile')
out, error = self.opensslclient(port=self.router_listener_port,
ssl_info=client_ssl_info,
data=b"The server conn must succeed!" + payload,
cl_args=['-verify', '10',
'-verify_return_error'])
self.assertIn(b"Verification: OK", out, f"{error}")
self.assertIn(b"Verify return code: 0 (ok)", out, f"{error}")
openssl_server.wait_out_message("The server conn must succeed!")

self.assertTrue(retry(lambda ssl_info=client_ssl_info,
data="The server conn must succeed!",
path=openssl_server.outfile_path:
ping(self, ssl_info, data, path),
timeout=10.0, delay=0.5))
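Review bot: The `except Exception` in the nested `ping` helper, together with the bare `self.assertTrue(retry(...))` at each of the four call sites, means a TLS handshake or certificate-verification failure after an sslProfile update is either retried for up to 10 seconds or reported as a message-less false assertion. The removed `assertIn(..., f"{error}")` calls attached the s_client output to the failure itself. Since this test exists to show that updated credentials actually take effect, I would keep that evidence with the assertion by passing a message, e.g. `"TLS ping did not succeed within 10s after sslProfile update; see s_client output printed above"`. I would also narrow the `except` to whatever exception type `opensslclient` raises on a failed connection (not visible in this diff), so that a programming error inside the helper is not retried as if it were a transient connection failure. `test_ssl_profile_update` starts and ends outside the visible hunks, and a `# TODO` next to `ping` pointing at the investigation the commit title mentions would stop the retry from becoming permanent.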
