def setUp(self): super(ClientDrivenTestCase, self).setUp() # FIXME(morganfainberg): Since we are running tests through the # controllers and some internal api drivers are SQL-only, the correct # approach is to ensure we have the correct backing store. The # credential api makes some very SQL specific assumptions that should # be addressed allowing for non-SQL based testing to occur. self.useFixture(database.Database()) self.load_backends() self.load_fixtures(default_fixtures) # TODO(termie): add an admin user to the fixtures and use that user # override the fixtures, for now self.assignment_api.add_role_to_user_and_project( self.user_foo['id'], self.tenant_bar['id'], self.role_admin['id']) conf = self._paste_config('keystone') fixture = self.useFixture(appserver.AppServer(conf, appserver.MAIN)) self.public_server = fixture.server fixture = self.useFixture(appserver.AppServer(conf, appserver.ADMIN)) self.admin_server = fixture.server self.addCleanup(self.cleanup_instance('public_server', 'admin_server'))
def test_2way_ssl_ok(self): """Make sure both public and admin API work with 2-way SSL. Requires client certificate. """ paste_conf = self._paste_config('keystone') ssl_kwargs = dict(cert=CERT, key=KEY, ca=CA, cert_required=True) # Verify Admin with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs): conn = self.get_HTTPSConnection('127.0.0.1', CONF.eventlet_server.admin_port, CLIENT, CLIENT) conn.request('GET', '/') resp = conn.getresponse() self.assertEqual(300, resp.status) # Verify Public with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs): conn = self.get_HTTPSConnection('127.0.0.1', CONF.eventlet_server.public_port, CLIENT, CLIENT) conn.request('GET', '/') resp = conn.getresponse() self.assertEqual(300, resp.status)
def test_2way_ssl_with_ipv6_ok(self): """Make sure both public and admin API work with 2-way ipv6 & SSL. Requires client certificate. """ self.skip_if_no_ipv6() paste_conf = self._paste_config('keystone') ssl_kwargs = dict(cert=CERT, key=KEY, ca=CA, cert_required=True, host="::1") # Verify Admin with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs): conn = environment.httplib.HTTPSConnection( '::1', CONF.eventlet_server.admin_port, CLIENT, CLIENT) conn.request('GET', '/') resp = conn.getresponse() self.assertEqual(300, resp.status) # Verify Public with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs): conn = environment.httplib.HTTPSConnection( '::1', CONF.eventlet_server.public_port, CLIENT, CLIENT) conn.request('GET', '/') resp = conn.getresponse() self.assertEqual(300, resp.status)
def test_ipv6_ok(self): """Make sure both public and admin API work with ipv6.""" paste_conf = self._paste_config('keystone') # Verify Admin with appserver.AppServer(paste_conf, appserver.ADMIN, host="::1"): conn = environment.httplib.HTTPConnection( '::1', CONF.eventlet_server.admin_port) conn.request('GET', '/') resp = conn.getresponse() self.assertEqual(300, resp.status) # Verify Public with appserver.AppServer(paste_conf, appserver.MAIN, host="::1"): conn = environment.httplib.HTTPConnection( '::1', CONF.eventlet_server.public_port) conn.request('GET', '/') resp = conn.getresponse() self.assertEqual(300, resp.status)
def test_1way_ssl_ok(self): """Make sure both public and admin API work with 1-way SSL.""" paste_conf = self._paste_config('keystone') ssl_kwargs = dict(cert=CERT, key=KEY, ca=CA) # Verify Admin with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs): conn = environment.httplib.HTTPSConnection( '127.0.0.1', CONF.eventlet_server.admin_port) conn.request('GET', '/') resp = conn.getresponse() self.assertEqual(300, resp.status) # Verify Public with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs): conn = environment.httplib.HTTPSConnection( '127.0.0.1', CONF.eventlet_server.public_port) conn.request('GET', '/') resp = conn.getresponse() self.assertEqual(300, resp.status)
def test_1way_ssl_with_ipv6_ok(self): """Make sure both public and admin API work with 1-way ipv6 & SSL.""" self.skip_if_no_ipv6() paste_conf = self._paste_config('keystone') ssl_kwargs = dict(cert=CERT, key=KEY, ca=CA, host="::1") # Verify Admin with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs): conn = self.get_HTTPSConnection('::1', CONF.eventlet_server.admin_port) conn.request('GET', '/') resp = conn.getresponse() self.assertEqual(300, resp.status) # Verify Public with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs): conn = self.get_HTTPSConnection('::1', CONF.eventlet_server.public_port) conn.request('GET', '/') resp = conn.getresponse() self.assertEqual(300, resp.status)
def test_2way_ssl_fail(self): """Expect to fail when client does not present proper certificate.""" paste_conf = self._paste_config('keystone') ssl_kwargs = dict(cert=CERT, key=KEY, ca=CA, cert_required=True) # Verify Admin with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs): conn = self.get_HTTPSConnection('127.0.0.1', CONF.eventlet_server.admin_port) try: conn.request('GET', '/') self.fail('Admin API shoulda failed with SSL handshake!') except ssl.SSLError: pass # Verify Public with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs): conn = self.get_HTTPSConnection('127.0.0.1', CONF.eventlet_server.public_port) try: conn.request('GET', '/') self.fail('Public API shoulda failed with SSL handshake!') except ssl.SSLError: pass