Re: [PATCH v2 00/18] tests: introduce testing coverage for TLS with migration
* Daniel P. Berrangé (berra...@redhat.com) wrote: > This significantly expands the migration test suite to cover testing > with TLS over TCP and UNIX sockets, with both PSK (pre shared keys) > and x509 credentials, and for both single and multifd scenarios. > > It identified one bug in handling PSK credentials with UNIX sockets, > but other than that everything was operating as expected. > > To minimize the impact on code duplication alopt of refactoring is > done of the migration tests to introduce a common helper for running > the migration process. The various tests mostly just have to provide > a callback to set a few parameters/capabilities before migration > starts, and sometimes a callback to cleanup or validate after > completion/failure. > > There is one functional bugfix in patch 6, I would like to see > in 7.0. The rest is all test suite additions, and I don't mind > if they are in 7.0 or 7.1 I've queued: tests: expand the migration precopy helper to support failures tests: switch migration FD passing test to use common precopy helper tests: introduce ability to provide hooks for migration precopy test tests: merge code for UNIX and TCP migration pre-copy tests tests: switch MigrateStart struct to be stack allocated migration: fix use of TLS PSK credentials with a UNIX socket tests: print newline after QMP response in qtest logs tests: support QTEST_TRACE env variable tests: improve error message when saving TLS PSK file fails > Changed in v2: > > - Use structs to pass around most parameters > - Hide expected errors from stderr > > Daniel P. Berrangé (18): > tests: fix encoding of IP addresses in x509 certs > tests: improve error message when saving TLS PSK file fails > tests: support QTEST_TRACE env variable > tests: print newline after QMP response in qtest logs > tests: add more helper macros for creating TLS x509 certs > migration: fix use of TLS PSK credentials with a UNIX socket > tests: switch MigrateStart struct to be stack allocated > tests: merge code for UNIX and TCP migration pre-copy tests > tests: introduce ability to provide hooks for migration precopy test > tests: switch migration FD passing test to use common precopy helper > tests: expand the migration precopy helper to support failures > tests: add migration tests of TLS with PSK credentials > tests: add migration tests of TLS with x509 credentials > tests: convert XBZRLE migration test to use common helper > tests: convert multifd migration tests to use common helper > tests: add multifd migration tests of TLS with PSK credentials > tests: add multifd migration tests of TLS with x509 credentials > tests: ensure migration status isn't reported as failed > > meson.build |1 + > migration/tls.c |4 - > tests/qtest/libqtest.c | 13 +- > tests/qtest/meson.build | 12 +- > tests/qtest/migration-helpers.c | 13 + > tests/qtest/migration-helpers.h |1 + > tests/qtest/migration-test.c | 1208 +- > tests/unit/crypto-tls-psk-helpers.c | 20 +- > tests/unit/crypto-tls-psk-helpers.h |1 + > tests/unit/crypto-tls-x509-helpers.c | 16 +- > tests/unit/crypto-tls-x509-helpers.h | 53 ++ > tests/unit/test-crypto-tlssession.c | 11 +- > 12 files changed, 1096 insertions(+), 257 deletions(-) > > -- > 2.34.1 > > > -- Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
Re: [PATCH v2 00/18] tests: introduce testing coverage for TLS with migration
Daniel P. Berrangé wrote: > Juan, > > would you be able to include at least patch 6 in a migration > pull before release ? Yeap, will do tomorrow. Later, Juan. > On Fri, Mar 11, 2022 at 09:58:24AM +0800, Peter Xu wrote: >> On Thu, Mar 10, 2022 at 05:18:03PM +, Daniel P. Berrangé wrote: >> > This significantly expands the migration test suite to cover testing >> > with TLS over TCP and UNIX sockets, with both PSK (pre shared keys) >> > and x509 credentials, and for both single and multifd scenarios. >> > >> > It identified one bug in handling PSK credentials with UNIX sockets, >> > but other than that everything was operating as expected. >> > >> > To minimize the impact on code duplication alopt of refactoring is >> > done of the migration tests to introduce a common helper for running >> > the migration process. The various tests mostly just have to provide >> > a callback to set a few parameters/capabilities before migration >> > starts, and sometimes a callback to cleanup or validate after >> > completion/failure. >> > >> > There is one functional bugfix in patch 6, I would like to see >> > in 7.0. The rest is all test suite additions, and I don't mind >> > if they are in 7.0 or 7.1 >> >> At least patch 1-4, 6-10 look already good candidates for 7.0, imho, if not >> all.. >> >> Thanks for doing this, Daniel. >> >> -- >> Peter Xu >> > > With regards, > Daniel
Re: [PATCH v2 00/18] tests: introduce testing coverage for TLS with migration
Juan, would you be able to include at least patch 6 in a migration pull before release ? On Fri, Mar 11, 2022 at 09:58:24AM +0800, Peter Xu wrote: > On Thu, Mar 10, 2022 at 05:18:03PM +, Daniel P. Berrangé wrote: > > This significantly expands the migration test suite to cover testing > > with TLS over TCP and UNIX sockets, with both PSK (pre shared keys) > > and x509 credentials, and for both single and multifd scenarios. > > > > It identified one bug in handling PSK credentials with UNIX sockets, > > but other than that everything was operating as expected. > > > > To minimize the impact on code duplication alopt of refactoring is > > done of the migration tests to introduce a common helper for running > > the migration process. The various tests mostly just have to provide > > a callback to set a few parameters/capabilities before migration > > starts, and sometimes a callback to cleanup or validate after > > completion/failure. > > > > There is one functional bugfix in patch 6, I would like to see > > in 7.0. The rest is all test suite additions, and I don't mind > > if they are in 7.0 or 7.1 > > At least patch 1-4, 6-10 look already good candidates for 7.0, imho, if not > all.. > > Thanks for doing this, Daniel. > > -- > Peter Xu > With regards, Daniel -- |: https://berrange.com -o-https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o-https://fstop138.berrange.com :| |: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|
Re: [PATCH v2 00/18] tests: introduce testing coverage for TLS with migration
On Thu, Mar 10, 2022 at 05:18:03PM +, Daniel P. Berrangé wrote: > This significantly expands the migration test suite to cover testing > with TLS over TCP and UNIX sockets, with both PSK (pre shared keys) > and x509 credentials, and for both single and multifd scenarios. > > It identified one bug in handling PSK credentials with UNIX sockets, > but other than that everything was operating as expected. > > To minimize the impact on code duplication alopt of refactoring is > done of the migration tests to introduce a common helper for running > the migration process. The various tests mostly just have to provide > a callback to set a few parameters/capabilities before migration > starts, and sometimes a callback to cleanup or validate after > completion/failure. > > There is one functional bugfix in patch 6, I would like to see > in 7.0. The rest is all test suite additions, and I don't mind > if they are in 7.0 or 7.1 At least patch 1-4, 6-10 look already good candidates for 7.0, imho, if not all.. Thanks for doing this, Daniel. -- Peter Xu
[PATCH v2 00/18] tests: introduce testing coverage for TLS with migration
This significantly expands the migration test suite to cover testing with TLS over TCP and UNIX sockets, with both PSK (pre shared keys) and x509 credentials, and for both single and multifd scenarios. It identified one bug in handling PSK credentials with UNIX sockets, but other than that everything was operating as expected. To minimize the impact on code duplication alopt of refactoring is done of the migration tests to introduce a common helper for running the migration process. The various tests mostly just have to provide a callback to set a few parameters/capabilities before migration starts, and sometimes a callback to cleanup or validate after completion/failure. There is one functional bugfix in patch 6, I would like to see in 7.0. The rest is all test suite additions, and I don't mind if they are in 7.0 or 7.1 Changed in v2: - Use structs to pass around most parameters - Hide expected errors from stderr Daniel P. Berrangé (18): tests: fix encoding of IP addresses in x509 certs tests: improve error message when saving TLS PSK file fails tests: support QTEST_TRACE env variable tests: print newline after QMP response in qtest logs tests: add more helper macros for creating TLS x509 certs migration: fix use of TLS PSK credentials with a UNIX socket tests: switch MigrateStart struct to be stack allocated tests: merge code for UNIX and TCP migration pre-copy tests tests: introduce ability to provide hooks for migration precopy test tests: switch migration FD passing test to use common precopy helper tests: expand the migration precopy helper to support failures tests: add migration tests of TLS with PSK credentials tests: add migration tests of TLS with x509 credentials tests: convert XBZRLE migration test to use common helper tests: convert multifd migration tests to use common helper tests: add multifd migration tests of TLS with PSK credentials tests: add multifd migration tests of TLS with x509 credentials tests: ensure migration status isn't reported as failed meson.build |1 + migration/tls.c |4 - tests/qtest/libqtest.c | 13 +- tests/qtest/meson.build | 12 +- tests/qtest/migration-helpers.c | 13 + tests/qtest/migration-helpers.h |1 + tests/qtest/migration-test.c | 1208 +- tests/unit/crypto-tls-psk-helpers.c | 20 +- tests/unit/crypto-tls-psk-helpers.h |1 + tests/unit/crypto-tls-x509-helpers.c | 16 +- tests/unit/crypto-tls-x509-helpers.h | 53 ++ tests/unit/test-crypto-tlssession.c | 11 +- 12 files changed, 1096 insertions(+), 257 deletions(-) -- 2.34.1