From 98998c18fe07fa9c15345173b9e6cf73baee2de5 Mon Sep 17 00:00:00 2001 From: Kenneth Giusti Date: Fri, 6 Sep 2024 09:51:18 -0400 Subject: [PATCH] Workaround: allow for temporary connection failures (need investigation) --- tests/system_tests_tcp_adaptor_tls.py | 87 ++++++++++++++++----------- 1 file changed, 53 insertions(+), 34 deletions(-) diff --git a/tests/system_tests_tcp_adaptor_tls.py b/tests/system_tests_tcp_adaptor_tls.py index 247391afe..858405295 100644 --- a/tests/system_tests_tcp_adaptor_tls.py +++ b/tests/system_tests_tcp_adaptor_tls.py @@ -17,6 +17,7 @@ # under the License. # import os +from time import sleep from system_test import unittest, TestCase, Qdrouterd, NcatException, Logger, Process, run_curl, \ CA_CERT, CLIENT_CERTIFICATE, CLIENT_PRIVATE_KEY, CLIENT_PRIVATE_KEY_PASSWORD, \ SERVER_CERTIFICATE, SERVER_PRIVATE_KEY, SERVER_PRIVATE_KEY_PASSWORD, SERVER_PRIVATE_KEY_NO_PASS, BAD_CA_CERT, \ @@ -26,6 +27,7 @@ from system_test import SERVER2_CERTIFICATE, SERVER2_PRIVATE_KEY, SERVER2_PRIVATE_KEY_PASSWORD from system_test import SSL_PROFILE_TYPE from system_test import is_pattern_present +from system_test import retry from system_tests_ssl import RouterTestSslBase from system_tests_tcp_adaptor import TcpAdaptorBase, CommonTcpTests, ncat_available from http1_tests import wait_tcp_listeners_up 
@@ -839,15 +841,41 @@ def test_ssl_profile_update(self): client_ssl_info['CLIENT_PRIVATE_KEY'] = CLIENT_PRIVATE_KEY client_ssl_info['CLIENT_PRIVATE_KEY_PASSWORD'] = CLIENT_PRIVATE_KEY_PASSWORD - out, error = self.opensslclient(port=self.router_listener_port, - ssl_info=client_ssl_info, - data=b"Sanity Check the Configuration!" + payload, - cl_args=['-verify', '10', - '-verify_return_error']) - self.assertIn(b"Verification: OK", out, f"{error}") - self.assertIn(b"Verify return code: 0 (ok)", out, f"{error}") - - openssl_server.wait_out_message("Sanity Check the Configuration!") + def ping(self, client_ssl_info, pattern, server_logpath): + # Helper routine: try to create a TLS connection across the + # routers, return True if successful + try: + out, error = self.opensslclient(port=self.router_listener_port, + ssl_info=client_ssl_info, + data=pattern.encode() + payload, + cl_args=['-verify', '10', + '-verify_return_error']) + except Exception as exc: + print(f"s_client failed: '{exc}'", flush=True) + return False + if b"Verification: OK" not in out: + print(f"s_client failed: '{error}'", flush=True) + return False + if b"Verify return code: 0 (ok)" not in out: + print(f"s_client failed: '{error}'", flush=True) + return False + + # compensate for the slight delay where the server flushes to the + # log - not critical because we retry on failure + sleep(0.25) + with open(server_logpath, 'rt') as log_file: + if not is_pattern_present(log_file, pattern): + print(f"Server pattern not found: '{pattern}'", flush=True) + return False + return True + + # Check the initial configuration + + self.assertTrue(retry(lambda ssl_info=client_ssl_info, + data="Sanity Check the Configuration", + path=openssl_server.outfile_path: + ping(self, ssl_info, data, path), + timeout=10.0, delay=0.5)) # # Attempt to update the listener-side sslProfile with the wrong 
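Review bot: The `except Exception as exc:` at the top of the new `ping` helper turns every failure of `opensslclient` into a retryable `False`, so a certificate-verification failure or a bug in the helper is handled exactly like a dropped connection, and the reason survives only as a `print`. When the 10 s window expires the caller fails with a bare `assertTrue`, which loses the `error` text that the removed `assertIn` calls carried. Catch only the exception type `opensslclient` raises for a failed connection (its definition is not visible in this hunk) and give the assertion a message, e.g. `timeout=10.0, delay=0.5), "TLS ping 'Sanity Check the Configuration' did not succeed within 10s")`. The `assertTrue(retry(...))` calls in the hunks at -874, -912 and -964 need the same message; `test_ssl_profile_update` begins and ends outside this hunk.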
@@ -874,15 +902,11 @@ def test_ssl_profile_update(self): out = skmgr_a.read(name='listener-ssl-profile') self.assertEqual(SERVER_PRIVATE_KEY_PASSWORD, out['password']) - out, error = self.opensslclient(port=self.router_listener_port, - ssl_info=client_ssl_info, - data=b"Hey password is good!" + payload, - cl_args=['-verify', '10', - '-verify_return_error']) - self.assertIn(b"Verification: OK", out, f"{error}") - self.assertIn(b"Verify return code: 0 (ok)", out, f"{error}") - - openssl_server.wait_out_message("Hey password is good!") + self.assertTrue(retry(lambda ssl_info=client_ssl_info, + data="Hey password is good!", + path=openssl_server.outfile_path: + ping(self, ssl_info, data, path), + timeout=10.0, delay=0.5)) # # Now update the listener sslProfile with a valid config, but one that @@ -912,15 +936,12 @@ def test_ssl_profile_update(self): client_ssl_info['CLIENT_CERTIFICATE'] = CLIENT2_CERTIFICATE client_ssl_info['CLIENT_PRIVATE_KEY'] = CLIENT2_PRIVATE_KEY client_ssl_info['CLIENT_PRIVATE_KEY_PASSWORD'] = CLIENT2_PRIVATE_KEY_PASSWORD - out, error = self.opensslclient(port=self.router_listener_port, - ssl_info=client_ssl_info, - data=b"Hey we recovered!" + payload, - cl_args=['-verify', '10', - '-verify_return_error']) - self.assertIn(b"Verification: OK", out, f"{error}") - self.assertIn(b"Verify return code: 0 (ok)", out, f"{error}") - openssl_server.wait_out_message("Hey we recovered!") + self.assertTrue(retry(lambda ssl_info=client_ssl_info, + data="Hey we recovered!", + path=openssl_server.outfile_path: + ping(self, ssl_info, data, path), + timeout=10.0, delay=0.5)) # # Test updates on the connector sslProfile 
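Review bot: The retry that replaces the single connection attempt after the password is corrected carries no comment marking it as a workaround, although the commit subject says the cause still needs investigation. Without one, the 10 s tolerance reads as intended behaviour, and the test no longer checks that the corrected sslProfile is usable as soon as the management update (outside this hunk) returns. Add a comment above the call such as `# WORKAROUND: connections may fail briefly after an sslProfile update; retry until the cause is found (ISSUE-PLACEHOLDER)`. The same applies to the retries in the hunks at -912 and -964.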
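Review bot: Tolerating failed connections for up to 10 s after the listener sslProfile is switched weakens any rejection check that precedes this hunk. If the test asserts there that the old client credentials are refused (those lines are not visible here), that assertion can now pass because of the same transient failure rather than because the new profile rejected the certificate. The success path is retried here while the rejection path presumably is not, so the two no longer measure the same condition. At minimum record this next to the retry, e.g. `# NOTE: connects can fail transiently here; the rejection check above must match a TLS verify error, not just a failed connect`.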
@@ -964,11 +985,9 @@ def test_ssl_profile_update(self): 'password': CLIENT2_PRIVATE_KEY_PASSWORD} skmgr_b = self.router_qdrb.sk_manager skmgr_b.update(SSL_PROFILE_TYPE, new_cfg, name='connector-ssl-profile') - out, error = self.opensslclient(port=self.router_listener_port, - ssl_info=client_ssl_info, - data=b"The server conn must succeed!" + payload, - cl_args=['-verify', '10', - '-verify_return_error']) - self.assertIn(b"Verification: OK", out, f"{error}") - self.assertIn(b"Verify return code: 0 (ok)", out, f"{error}") - openssl_server.wait_out_message("The server conn must succeed!") + + self.assertTrue(retry(lambda ssl_info=client_ssl_info, + data="The server conn must succeed!", + path=openssl_server.outfile_path: + ping(self, ssl_info, data, path), + timeout=10.0, delay=0.5))
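Review bot: This is the fourth copy of the same five-line `assertTrue(retry(lambda ...))` block; the earlier copies are in the hunks at -839, -874 and -912. The lambda's default arguments (`ssl_info=`, `data=`, `path=`) bind nothing a plain closure would not, assuming `retry` calls it synchronously before the method continues. A nested helper next to `ping` would cut each call site to one line: `def tls_ok(pattern): return retry(lambda: ping(self, client_ssl_info, pattern, openssl_server.outfile_path), timeout=10.0, delay=0.5)`, then `self.assertTrue(tls_ok("The server conn must succeed!"))`. `ping` also takes `self` as an explicit parameter, although it is nested in the method and could close over it.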