Repository: qpid-dispatch Updated Branches: refs/heads/master 87e8611a5 -> 4c35796c4
DISPATCH-219: System test security configuration for installed/built tests. Got rid of cmake substitutions in python test files: On test errors, a python IDE will zap to the relevant line in the *substituted copy* not the real python source. Fixes accidentally made to the copy will be lost when source is copied again. Got rid of cmake substituted SASL configuration files. The system tests are installed and can be run on an installation as well as in the build, so they can't have build-specific paths in them. (Unit tests that are not installed don't have this restriction) Instead generate the SASL config files at run time in the test's local working directory. The system_test.py framework ensures this is always an isolated scratch directory used only by that test module. Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/4c35796c Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/4c35796c Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/4c35796c Branch: refs/heads/master Commit: 4c35796c4c514f92164b47a7dbf85739dd8a5a7c Parents: 87e8611 Author: Alan Conway <[email protected]> Authored: Mon Feb 15 17:07:43 2016 -0500 Committer: Alan Conway <[email protected]> Committed: Wed Feb 17 16:05:32 2016 -0500 ---------------------------------------------------------------------- tests/CMakeLists.txt | 74 ++++--------- tests/sasl_configs/qdrouterd.sasldb | Bin 12288 -> 0 bytes tests/sasl_configs/tests-mech-EXTERNAL.conf | 1 - tests/sasl_configs/tests-mech-NOEXTERNAL.conf | 1 - tests/sasl_configs/tests-mech-PLAIN.conf.in | 79 ------------- tests/system_test.py | 6 +- tests/system_tests_qdstat.py | 12 +- tests/system_tests_sasl_plain.py | 123 +++++++++++++++++++++ tests/system_tests_sasl_plain.py.in | 106 ------------------ 9 files changed, 162 insertions(+), 240 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/4c35796c/tests/CMakeLists.txt ---------------------------------------------------------------------- diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 825f84e..75c7c4b 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -50,22 +50,6 @@ set(unit_test_size_SOURCES add_executable(unit_tests_size ${unit_test_size_SOURCES}) target_link_libraries(unit_tests_size qpid-dispatch) -# Move all the python system tests from the src/tests dir to the build/tests dir and execute the tests from there. -# While moving the files make sure that configure_file() is called on any .py.in files resulting in .py file -configure_file(${CMAKE_CURRENT_SOURCE_DIR}/system_tests_sasl_plain.py.in ${CMAKE_CURRENT_BINARY_DIR}/system_tests_sasl_plain.py) -file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/router_engine_test.py DESTINATION ${CMAKE_CURRENT_BINARY_DIR}) -file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/system_tests_broker.py DESTINATION ${CMAKE_CURRENT_BINARY_DIR}) -file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/system_tests_management.py DESTINATION ${CMAKE_CURRENT_BINARY_DIR}) -file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/system_tests_one_router.py DESTINATION ${CMAKE_CURRENT_BINARY_DIR}) -file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/system_tests_qdmanage.py DESTINATION ${CMAKE_CURRENT_BINARY_DIR}) -file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/system_tests_qdstat.py DESTINATION ${CMAKE_CURRENT_BINARY_DIR}) -file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/system_tests_two_routers.py DESTINATION ${CMAKE_CURRENT_BINARY_DIR}) -file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/system_tests_protocol_family.py DESTINATION ${CMAKE_CURRENT_BINARY_DIR}) -file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/system_tests_link_routes.py DESTINATION ${CMAKE_CURRENT_BINARY_DIR}) -file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/run_system_tests.py DESTINATION ${CMAKE_CURRENT_BINARY_DIR}) -file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/system_test.py DESTINATION ${CMAKE_CURRENT_BINARY_DIR}) - - set(TEST_WRAP ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_BINARY_DIR}/run.py) add_test(unit_tests_size_10000 ${TEST_WRAP} --vg unit_tests_size 10000) @@ -78,47 +62,37 @@ add_test(unit_tests_size_2 ${TEST_WRAP} --vg unit_tests_size 2) add_test(unit_tests_size_1 ${TEST_WRAP} --vg unit_tests_size 1) add_test(unit_tests ${TEST_WRAP} --vg unit_tests ${CMAKE_CURRENT_SOURCE_DIR}/threads4.conf) -# Add all sytem_tests* using add_test -add_test(router_tests ${TEST_WRAP} -s ${CMAKE_CURRENT_BINARY_DIR}/router_engine_test.py -v) -add_test(system_tests_broker ${TEST_WRAP} -s ${CMAKE_CURRENT_BINARY_DIR}/system_tests_broker.py -v) -add_test(system_tests_management ${TEST_WRAP} -s ${CMAKE_CURRENT_BINARY_DIR}/system_tests_management.py -v) -add_test(system_tests_one_router ${TEST_WRAP} -s ${CMAKE_CURRENT_BINARY_DIR}/system_tests_one_router.py -v) -add_test(system_tests_qdmanage ${TEST_WRAP} -s ${CMAKE_CURRENT_BINARY_DIR}/system_tests_qdmanage.py -v) -add_test(system_tests_qdstat ${TEST_WRAP} -s ${CMAKE_CURRENT_BINARY_DIR}/system_tests_qdstat.py -v) -add_test(system_tests_two_routers ${TEST_WRAP} -s ${CMAKE_CURRENT_BINARY_DIR}/system_tests_two_routers.py -v) -add_test(system_tests_protocol_family ${TEST_WRAP} -s ${CMAKE_CURRENT_BINARY_DIR}/system_tests_protocol_family.py -v) -add_test(system_tests_link_routes ${TEST_WRAP} -s ${CMAKE_CURRENT_BINARY_DIR}/system_tests_link_routes.py -v) -add_test(system_tests_sasl_plain ${TEST_WRAP} -s ${CMAKE_CURRENT_BINARY_DIR}/system_tests_sasl_plain.py -v) -add_test(management_tests ${TEST_WRAP} -m unittest -v management) - -#macro(add_system_test test) -# add_test(${test} ${TEST_WRAP} -m ${test} -v) -#endmacro(add_system_test) - +# Unit test python modules +add_test(router_engine_test ${TEST_WRAP} -m unittest -v router_engine_test) +add_test(managemet_test ${TEST_WRAP} -m unittest -v management) + +# System test python modules +foreach(py_test_module + system_tests_broker + system_tests_link_routes + system_tests_management + system_tests_one_router + system_tests_protocol_family + system_tests_qdmanage + system_tests_qdstat + system_tests_sasl_plain + system_tests_two_routers) + + add_test(${py_test_module} ${TEST_WRAP} -m unittest -v ${py_test_module}) + list(APPEND SYSTEM_TEST_FILES ${CMAKE_CURRENT_SOURCE_DIR}/${py_test_module}.py) +endforeach() + +# Additional files to install for running system tests. # NOTE: Don't install run.py. A system test of a dispatch installation should pick everything # up from standard install locations. # -set(SYSTEM_TEST_FILES - ${CMAKE_CURRENT_BINARY_DIR}/router_engine_test.py - ${CMAKE_CURRENT_BINARY_DIR}/run_system_tests.py - ${CMAKE_CURRENT_BINARY_DIR}/system_test.py - ${CMAKE_CURRENT_BINARY_DIR}/system_tests_one_router.py - ${CMAKE_CURRENT_BINARY_DIR}/system_tests_two_routers.py - ${CMAKE_CURRENT_BINARY_DIR}/system_tests_protocol_family.py - ${CMAKE_CURRENT_BINARY_DIR}/system_tests_broker.py - ${CMAKE_CURRENT_BINARY_DIR}/system_tests_management.py - ${CMAKE_CURRENT_BINARY_DIR}/system_tests_qdstat.py - ${CMAKE_CURRENT_BINARY_DIR}/system_tests_qdmanage.py - ${CMAKE_CURRENT_BINARY_DIR}/system_tests_link_routes.py - ${CMAKE_CURRENT_BINARY_DIR}/system_tests_sasl_plain.py) +list(APPEND SYSTEM_TEST_FILES + ${CMAKE_CURRENT_SOURCE_DIR}/run_system_tests.py + ${CMAKE_CURRENT_SOURCE_DIR}/system_test.py) configure_file(${CMAKE_CURRENT_SOURCE_DIR}/config-2/A-ssl.conf.in ${CMAKE_CURRENT_BINARY_DIR}/config-2/A-ssl.conf) configure_file(${CMAKE_CURRENT_SOURCE_DIR}/config-2/B-ssl.conf.in ${CMAKE_CURRENT_BINARY_DIR}/config-2/B-ssl.conf) -file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/sasl_configs/qdrouterd.sasldb DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/sasl_configs) -file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/sasl_configs/tests-mech-EXTERNAL.conf DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/sasl_configs) -file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/sasl_configs/tests-mech-NOEXTERNAL.conf DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/sasl_configs) file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/ssl_certs DESTINATION ${CMAKE_CURRENT_BINARY_DIR}) -configure_file(${CMAKE_CURRENT_SOURCE_DIR}/sasl_configs/tests-mech-PLAIN.conf.in ${CMAKE_CURRENT_BINARY_DIR}/sasl_configs/tests-mech-PLAIN.conf) # following install() functions will be called only if you do a make "install" install(FILES ${SYSTEM_TEST_FILES} http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/4c35796c/tests/sasl_configs/qdrouterd.sasldb ---------------------------------------------------------------------- diff --git a/tests/sasl_configs/qdrouterd.sasldb b/tests/sasl_configs/qdrouterd.sasldb deleted file mode 100644 index d73e603..0000000 Binary files a/tests/sasl_configs/qdrouterd.sasldb and /dev/null differ http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/4c35796c/tests/sasl_configs/tests-mech-EXTERNAL.conf ---------------------------------------------------------------------- diff --git a/tests/sasl_configs/tests-mech-EXTERNAL.conf b/tests/sasl_configs/tests-mech-EXTERNAL.conf deleted file mode 100644 index 1dd770d..0000000 --- a/tests/sasl_configs/tests-mech-EXTERNAL.conf +++ /dev/null @@ -1 +0,0 @@ -mech_list: EXTERNAL ANONYMOUS DIGEST-MD5 PLAIN http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/4c35796c/tests/sasl_configs/tests-mech-NOEXTERNAL.conf ---------------------------------------------------------------------- diff --git a/tests/sasl_configs/tests-mech-NOEXTERNAL.conf b/tests/sasl_configs/tests-mech-NOEXTERNAL.conf deleted file mode 100644 index c08146a..0000000 --- a/tests/sasl_configs/tests-mech-NOEXTERNAL.conf +++ /dev/null @@ -1 +0,0 @@ -mech_list: ANONYMOUS DIGEST-MD5 PLAIN http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/4c35796c/tests/sasl_configs/tests-mech-PLAIN.conf.in ---------------------------------------------------------------------- diff --git a/tests/sasl_configs/tests-mech-PLAIN.conf.in b/tests/sasl_configs/tests-mech-PLAIN.conf.in deleted file mode 100644 index 4e04097..0000000 --- a/tests/sasl_configs/tests-mech-PLAIN.conf.in +++ /dev/null @@ -1,79 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# -# -#--------------------------------- -# SASL Mechanisms and Users -#--------------------------------- -# -# This default mech list allows for PLAIN, but that -# mechanism sends credentials in the clear, and is normally -# only used along with SSL transport-layer security. -# -# This default also permits DIGEST-MD5, but you must have -# a user and password defined in your sasldb file to use -# this mechanism. ( See notes below. ) -# -# PLEASE NOTE -# For production messaging systems, a high-security mechanism such as -# DIGEST-MD5 or PLAIN+SSL should be used. -# -# - -pwcheck_method: auxprop -auxprop_plugin: sasldb -sasldb_path: ${CMAKE_CURRENT_BINARY_DIR}/sasl_configs/qdrouterd.sasldb -mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN - -#--------------------------------- -# Please Note -#--------------------------------- -# -# 1. If you use a nonstandard location for your sasl_config directory, -# you can point qdrouterd to it by using the container->saslConfigPath -# configuration attribute. -# -# If your nonstandard sasl directory is $MY_SASL_DIR, put a copy -# of this file at $MY_SASL_DIR/qdrouterd.conf, alter the mech list as -# appropriate for your installation, and then use the saslpasswd2 -# command to add new user+passwd pairs: -# echo $PASSWD | saslpasswd2 -c -p -f $MY_SASL_DIR/qdrouterd.sasldb -u qdrouterd $USERNAME -# -# -# 2. The standard location for the qdrouterd sasldb file is -# /var/lib/qdrouterd/qdrouterd.sasldb -# -# 3. You can see what usernames have been stored in the sasldb, with the -# command "sasldblistusers2 -f /var/lib/qdrouterd/qdrouterd.sasldb" -# -# 4. The sasldb file must be readable by the user running the qdrouterd -# daemon, ( the user name is qdrouterd ) and should be readable only -# by that user. -# -# 5. The EXTERNAL mechanism allows you to use SSL transport layer -# security. In that case, you can also set the broker option -# --ssl-require-client-authentication . - - - -# The following line stops spurious 'sql_select option missing' errors when -# cyrus-sql-sasl plugin is installed -sql_select: dummy select - - - http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/4c35796c/tests/system_test.py ---------------------------------------------------------------------- diff --git a/tests/system_test.py b/tests/system_test.py index 964bf88..1a0c761 100644 --- a/tests/system_test.py +++ b/tests/system_test.py @@ -581,7 +581,11 @@ class Tester(object): - Utilities to create processes and servers, manage ports etc. - Clean up processes on teardown""" - # Wipe the old test tree when we are first imported. + # Top level directory above any Tester directories. + # CMake-generated configuration may be found here. + top_dir = os.getcwd() + + # The root directory for Tester directories, under top_dir root_dir = os.path.abspath(__name__+'.dir') def __init__(self, id): http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/4c35796c/tests/system_tests_qdstat.py ---------------------------------------------------------------------- diff --git a/tests/system_tests_qdstat.py b/tests/system_tests_qdstat.py index d5e9d21..bc26bdb 100644 --- a/tests/system_tests_qdstat.py +++ b/tests/system_tests_qdstat.py @@ -89,9 +89,13 @@ try: @classmethod def setUpClass(cls): super(QdstatSslTest, cls).setUpClass() + # Write SASL configuration file: + with open('tests-mech-EXTERNAL.conf', 'w') as sasl_conf: + sasl_conf.write("mech_list: EXTERNAL ANONYMOUS DIGEST-MD5 PLAIN\n") + # qdrouterd configuration: config = system_test.Qdrouterd.Config([ ('container', {'containerName': 'QdstatSslTest', - 'saslConfigPath': cls.sasl_path(), + 'saslConfigPath': os.getcwd(), 'saslConfigName': 'tests-mech-EXTERNAL'}), ('ssl-profile', {'name': 'server-ssl', 'cert-db': cls.ssl_file('ca-certificate.pem'), @@ -231,9 +235,13 @@ try: @classmethod def setUpClass(cls): super(QdstatSslNoExternalTest, cls).setUpClass() + # Write SASL configuration file: + with open('tests-mech-NOEXTERNAL.conf', 'w') as sasl_conf: + sasl_conf.write("mech_list: ANONYMOUS DIGEST-MD5 PLAIN\n") + # qdrouterd configuration: config = system_test.Qdrouterd.Config([ ('container', {'containerName': 'QdstatSslTest', - 'saslConfigPath': cls.sasl_path(), + 'saslConfigPath': os.getcwd(), 'saslConfigName': 'tests-mech-NOEXTERNAL'}), ('ssl-profile', {'name': 'server-ssl', 'cert-db': cls.ssl_file('ca-certificate.pem'), http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/4c35796c/tests/system_tests_sasl_plain.py ---------------------------------------------------------------------- diff --git a/tests/system_tests_sasl_plain.py b/tests/system_tests_sasl_plain.py new file mode 100644 index 0000000..3df4a6c --- /dev/null +++ b/tests/system_tests_sasl_plain.py @@ -0,0 +1,123 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +import unittest, os +from subprocess import PIPE, Popen +import system_test +from system_test import TestCase, Qdrouterd, main_module + +class RouterTestPlainSasl(TestCase): + + @classmethod + def createSasldb(cls): + pass + + + @classmethod + def setUpClass(cls): + """ + Tests the sasl_username, sasl_password property of the dispatch router. + + Creates two routers (QDR.X and QDR.Y) and sets up PLAIN authentication on QDR.X. + QDR.Y connects to QDR.X by providing a sasl_username and a sasl_password. + + """ + super(RouterTestPlainSasl, cls).setUpClass() + + # Create a sasl database. + p = Popen(['saslpasswd2', '-c', '-p', '-f', 'qdrouterd.sasldb', '-u', 'domain.com', 'test'], + stdin=PIPE, stdout=PIPE, stderr=PIPE) + result = p.communicate('password') + assert p.returncode == 0, \ + "saslpasswd2 exit status %s, output:\n%s" % (p.returncode, result) + + # Create a SASL configuration file. + with open('tests-mech-PLAIN.conf', 'w') as sasl_conf: + sasl_conf.write(""" +pwcheck_method: auxprop +auxprop_plugin: sasldb +sasldb_path: qdrouterd.sasldb +mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN +# The following line stops spurious 'sql_select option missing' errors when cyrus-sql-sasl plugin is installed +sql_select: dummy select +""") + + def router(name, connection): + + config = [ + ('router', {'mode': 'interior', 'routerId': 'QDR.%s'%name}), + ('fixedAddress', {'prefix': '/closest/', 'fanout': 'single', 'bias': 'closest'}), + ('fixedAddress', {'prefix': '/spread/', 'fanout': 'single', 'bias': 'spread'}), + ('fixedAddress', {'prefix': '/multicast/', 'fanout': 'multiple'}), + ('fixedAddress', {'prefix': '/', 'fanout': 'multiple'}), + + ] + connection + + config = Qdrouterd.Config(config) + cls.routers.append(cls.tester.qdrouterd(name, config, wait=False)) + + cls.routers = [] + + x_listener_port = cls.tester.get_port() + y_listener_port = cls.tester.get_port() + sasl_config_path = os.path.join(cls.top_dir, 'sasl_configs') + + router('X', [ + ('listener', {'addr': '0.0.0.0', 'role': 'inter-router', 'port': x_listener_port, + 'saslMechanisms':'PLAIN DIGEST-MD5', 'authenticatePeer': 'yes'}), + # This unauthenticated listener is for qdstat to connect to it. + ('listener', {'addr': '0.0.0.0', 'role': 'normal', 'port': cls.tester.get_port(), + 'authenticatePeer': 'no'}), + ('container', {'workerThreads': 4, 'containerName': 'Qpid.Dispatch.Router.X', + 'saslConfigName': 'tests-mech-PLAIN', + 'saslConfigPath': os.getcwd()}), + ]) + + router('Y', [ + ('connector', {'addr': '0.0.0.0', 'role': 'inter-router', 'port': x_listener_port, + # Provide a sasl user name and password to connect to QDR.X + 'saslMechanisms': 'PLAIN DIGEST-MD5', 'saslUsername': '[email protected]', 'saslPassword': 'password'}), + ('container', {'workerThreads': 4, 'containerName': 'Qpid.Dispatch.Router.Y'}), + ('listener', {'addr': '0.0.0.0', 'role': 'normal', 'port': y_listener_port}), + ]) + + cls.routers[1].wait_router_connected('QDR.X') + + def test_inter_router_plain_exists(self): + """The setUpClass sets up two routers with SASL PLAIN enabled. + + This test makes executes a qdstat -c via an unauthenticated listener to + QDR.X and makes sure that the output has an "inter-router" connection to + QDR.Y whose authentication is PLAIN. This ensures that QDR.Y did not + somehow use SASL ANONYMOUS to connect to QDR.X + + """ + p = self.popen( + ['qdstat', '-b', str(self.routers[0].addresses[1]), '-c'], + name='qdstat-'+self.id(), stdout=PIPE, expect=None) + out = p.communicate()[0] + assert p.returncode == 0, \ + "qdstat exit status %s, output:\n%s" % (p.returncode, out) + + self.assertIn("inter-router", out) + self.assertIn("[email protected](PLAIN)", out) + +if __name__ == '__main__': + unittest.main(main_module()) + http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/4c35796c/tests/system_tests_sasl_plain.py.in ---------------------------------------------------------------------- diff --git a/tests/system_tests_sasl_plain.py.in b/tests/system_tests_sasl_plain.py.in deleted file mode 100644 index 5e03efd..0000000 --- a/tests/system_tests_sasl_plain.py.in +++ /dev/null @@ -1,106 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -import unittest, os -from subprocess import PIPE -import system_test -from system_test import TestCase, Qdrouterd, main_module - -class RouterTestPlainSasl(TestCase): - - @classmethod - def createSasldb(cls): - pass - - - @classmethod - def setUpClass(cls): - """ - Tests the sasl_username, sasl_password property of the dispatch router. - - Creates two routers (QDR.X and QDR.Y) and sets up PLAIN authentication on QDR.X. - QDR.Y connects to QDR.X by providing a sasl_username and a sasl_password. - - """ - super(RouterTestPlainSasl, cls).setUpClass() - - def router(name, connection): - - config = [ - ('router', {'mode': 'interior', 'routerId': 'QDR.%s'%name}), - ('fixedAddress', {'prefix': '/closest/', 'fanout': 'single', 'bias': 'closest'}), - ('fixedAddress', {'prefix': '/spread/', 'fanout': 'single', 'bias': 'spread'}), - ('fixedAddress', {'prefix': '/multicast/', 'fanout': 'multiple'}), - ('fixedAddress', {'prefix': '/', 'fanout': 'multiple'}), - - ] + connection - - config = Qdrouterd.Config(config) - cls.routers.append(cls.tester.qdrouterd(name, config, wait=False)) - - cls.routers = [] - - x_listener_port = cls.tester.get_port() - y_listener_port = cls.tester.get_port() - - # Look at the tests/CMakeLists.txt to find out how CMAKE replaces ${CMAKE_CURRENT_BINARY_DIR} with the correct path - # CMAKE also renames this file to system_tests_sasl_plain.py and copies it to the build/tests folder before executing it. - sasl_config_path = '${CMAKE_CURRENT_BINARY_DIR}' + '/sasl_configs' - - router('X', [ - ('listener', {'addr': '0.0.0.0', 'role': 'inter-router', 'port': x_listener_port, - 'saslMechanisms':'PLAIN DIGEST-MD5', 'authenticatePeer': 'yes'}), - # This unauthenticated listener is for qdstat to connect to it. - ('listener', {'addr': '0.0.0.0', 'role': 'normal', 'port': cls.tester.get_port(), - 'authenticatePeer': 'no'}), - ('container', {'workerThreads': 4, 'containerName': 'Qpid.Dispatch.Router.X', - 'saslConfigName': 'tests-mech-PLAIN', - 'saslConfigPath': sasl_config_path}), - ]) - - router('Y', [ - ('connector', {'addr': '0.0.0.0', 'role': 'inter-router', 'port': x_listener_port, - # Provide a sasl user name and password to connect to QDR.X - 'saslMechanisms': 'PLAIN DIGEST-MD5', 'saslUsername': '[email protected]', 'saslPassword': 'password'}), - ('container', {'workerThreads': 4, 'containerName': 'Qpid.Dispatch.Router.Y'}), - ('listener', {'addr': '0.0.0.0', 'role': 'normal', 'port': y_listener_port}), - ]) - - cls.routers[1].wait_router_connected('QDR.X') - - def test_inter_router_plain_exists(self): - """ - The setUpClass sets up two routers with SASL PLAIN enabled. - This test makes executes a qdstat -c via an unauthenticated listener to QDR.X and makes sure that the output - has an "inter-router" connection to QDR.Y whose authentication is PLAIN. This ensures that QDR.Y did not - somehow use SASL ANONYMOUS to connect to QDR.X - """ - p = self.popen( - ['qdstat', '-b', str(self.routers[0].addresses[1]), '-c'], - name='qdstat-'+self.id(), stdout=PIPE, expect=None) - out = p.communicate()[0] - assert p.returncode == 0, \ - "qdstat exit status %s, output:\n%s" % (p.returncode, out) - - assert "inter-router" in out - assert "[email protected](PLAIN)" in out - -if __name__ == '__main__': - unittest.main(main_module()) - --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
