def test_modesOnUNIXSockets(self):
"""
The logging and stats UNIX sockets that are bound as part of the
'Combined' service hierarchy should have a secure mode specified: only
the executing user should be able to open and send to them.
"""
svc = CalDAVServiceMaker().makeService(self.options)
for serviceName in [_CONTROL_SERVICE_NAME]:
socketService = svc.getServiceNamed(serviceName)
self.assertIsInstance(socketService, GroupOwnedUNIXServer)
m = socketService.kwargs.get("mode", 0666)
self.assertEquals(
m, int("660", 8),
"Wrong mode on %s: %s" % (serviceName, oct(m))
)
self.assertEquals(socketService.gid, self.alternateGroup)
for serviceName in ["unix-stats"]:
socketService = svc.getServiceNamed(serviceName)
self.assertIsInstance(socketService, GroupOwnedUNIXServer)
m = socketService.kwargs.get("mode", 0666)
self.assertEquals(
m, int("660", 8),
"Wrong mode on %s: %s" % (serviceName, oct(m))
)
self.assertEquals(socketService.gid, self.alternateGroup)
def test_defaultListeners(self):
"""
Test that the Slave service has sub services with the
default TCP and SSL configuration
"""
# Note: the listeners are bundled within a MultiService named "ConnectionService"
service = CalDAVServiceMaker().makeService(self.options)
service = service.getServiceNamed(CalDAVService.connectionServiceName)
expectedSubServices = dict((
(MaxAcceptTCPServer, config.HTTPPort),
(MaxAcceptSSLServer, config.SSLPort),
))
configuredSubServices = [(s.__class__, getattr(s, 'args', None))
for s in service.services]
checked = 0
for serviceClass, serviceArgs in configuredSubServices:
if serviceClass in expectedSubServices:
checked += 1
self.assertEquals(
serviceArgs[0],
dict(expectedSubServices)[serviceClass]
)
# TCP+SSL services for IPv4, TCP+SSL services for IPv6.
self.assertEquals(checked, 4)
def test_multipleBindAddresses(self):
"""
Test that the TCPServer and SSLServers are bound to the proper
addresses.
"""
# Note: the listeners are bundled within a MultiService named "ConnectionService"
service = CalDAVServiceMaker().makeService(self.options)
service = service.getServiceNamed(CalDAVService.connectionServiceName)
tcpServers = []
sslServers = []
for s in service.services:
if isinstance(s, internet.TCPServer):
tcpServers.append(s)
elif isinstance(s, internet.SSLServer):
sslServers.append(s)
self.assertEquals(len(tcpServers), len(config.BindAddresses))
self.assertEquals(len(sslServers), len(config.BindAddresses))
for addr in config.BindAddresses:
for s in tcpServers:
if s.kwargs["interface"] == addr:
tcpServers.remove(s)
for s in sslServers:
if s.kwargs["interface"] == addr:
sslServers.remove(s)
self.assertEquals(len(tcpServers), 0)
self.assertEquals(len(sslServers), 0)
def test_SSLKeyConfiguration(self):
"""
Test that the configuration of the SSLServer reflect the config file's
SSL Private Key and SSL Certificate
"""
# Note: the listeners are bundled within a MultiService named "ConnectionService"
service = CalDAVServiceMaker().makeService(self.options)
service = service.getServiceNamed(CalDAVService.connectionServiceName)
sslService = None
for s in service.services:
if isinstance(s, internet.SSLServer):
sslService = s
break
self.failIf(sslService is None, "No SSL Service found")
context = sslService.args[2]
self.assertEquals(
config.SSLPrivateKey,
context.privateKeyFileName
)
self.assertEquals(
config.SSLCertificate,
context.certificateFileName,
)
def test_modesOnUNIXSockets(self):
"""
The logging and stats UNIX sockets that are bound as part of the
'Combined' service hierarchy should have a secure mode specified: only
the executing user should be able to open and send to them.
"""
svc = CalDAVServiceMaker().makeService(self.options)
for serviceName in [_CONTROL_SERVICE_NAME]:
socketService = svc.getServiceNamed(serviceName)
self.assertIsInstance(socketService, GroupOwnedUNIXServer)
m = socketService.kwargs.get("mode", 0666)
self.assertEquals(
m, int("660", 8),
"Wrong mode on %s: %s" % (serviceName, oct(m))
)
self.assertEquals(socketService.gid, self.alternateGroup)
for serviceName in ["unix-stats"]:
socketService = svc.getServiceNamed(serviceName)
self.assertIsInstance(socketService, GroupOwnedUNIXServer)
m = socketService.kwargs.get("mode", 0666)
self.assertEquals(
m, int("660", 8),
"Wrong mode on %s: %s" % (serviceName, oct(m))
)
self.assertEquals(socketService.gid, self.alternateGroup)
def test_multipleBindAddresses(self):
"""
Test that the TCPServer and SSLServers are bound to the proper
addresses.
"""
# Note: the listeners are bundled within a MultiService named "ConnectionService"
service = CalDAVServiceMaker().makeService(self.options)
service = service.getServiceNamed(CalDAVService.connectionServiceName)
tcpServers = []
sslServers = []
for s in service.services:
if isinstance(s, internet.TCPServer):
tcpServers.append(s)
elif isinstance(s, internet.SSLServer):
sslServers.append(s)
self.assertEquals(len(tcpServers), len(config.BindAddresses))
self.assertEquals(len(sslServers), len(config.BindAddresses))
for addr in config.BindAddresses:
for s in tcpServers:
if s.kwargs["interface"] == addr:
tcpServers.remove(s)
for s in sslServers:
if s.kwargs["interface"] == addr:
sslServers.remove(s)
self.assertEquals(len(tcpServers), 0)
self.assertEquals(len(sslServers), 0)
def makeService(self, patcher=passthru):
"""
Create a service by calling into CalDAVServiceMaker with
self.configFile
"""
self.options.parseOptions(["-f", self.configFile])
maker = CalDAVServiceMaker()
maker = patcher(maker)
return maker.makeService(self.options)
def test_listenBacklog(self):
"""
Test that the backlog arguments is set in TCPServer and SSLServers
"""
# Note: the listeners are bundled within a MultiService named "ConnectionService"
service = CalDAVServiceMaker().makeService(self.options)
service = service.getServiceNamed(CalDAVService.connectionServiceName)
for s in service.services:
if isinstance(s, (internet.TCPServer, internet.SSLServer)):
self.assertEquals(s.kwargs["backlog"], 1024)
def test_singleBindAddresses(self):
"""
Test that the TCPServer and SSLServers are bound to the proper address
"""
# Note: the listeners are bundled within a MultiService named "ConnectionService"
service = CalDAVServiceMaker().makeService(self.options)
service = service.getServiceNamed(CalDAVService.connectionServiceName)
for s in service.services:
if isinstance(s, (internet.TCPServer, internet.SSLServer)):
self.assertEquals(s.kwargs["interface"], "127.0.0.1")
def test_noHTTP(self):
"""
Test the single service to make sure there is no TCPServer when
HTTPPort is not configured
"""
# Note: the listeners are bundled within a MultiService named "ConnectionService"
service = CalDAVServiceMaker().makeService(self.options)
service = service.getServiceNamed(CalDAVService.connectionServiceName)
self.assertNotIn(internet.TCPServer,
[s.__class__ for s in service.services])
def test_noSSL(self):
"""
Test the single service to make sure there is no SSL Service when SSL
is disabled
"""
# Note: the listeners are bundled within a MultiService named "ConnectionService"
service = CalDAVServiceMaker().makeService(self.options)
service = service.getServiceNamed(CalDAVService.connectionServiceName)
self.assertNotIn(internet.SSLServer,
[s.__class__ for s in service.services])
def test_singleBindAddresses(self):
"""
Test that the TCPServer and SSLServers are bound to the proper address
"""
# Note: the listeners are bundled within a MultiService named "ConnectionService"
service = CalDAVServiceMaker().makeService(self.options)
service = service.getServiceNamed(CalDAVService.connectionServiceName)
for s in service.services:
if isinstance(s, (internet.TCPServer, internet.SSLServer)):
self.assertEquals(s.kwargs["interface"], "127.0.0.1")
def test_listenBacklog(self):
"""
Test that the backlog arguments is set in TCPServer and SSLServers
"""
# Note: the listeners are bundled within a MultiService named "ConnectionService"
service = CalDAVServiceMaker().makeService(self.options)
service = service.getServiceNamed(CalDAVService.connectionServiceName)
for s in service.services:
if isinstance(s, (internet.TCPServer, internet.SSLServer)):
self.assertEquals(s.kwargs["backlog"], 1024)
def test_noSSL(self):
"""
Test the single service to make sure there is no SSL Service when SSL
is disabled
"""
# Note: the listeners are bundled within a MultiService named "ConnectionService"
service = CalDAVServiceMaker().makeService(self.options)
service = service.getServiceNamed(CalDAVService.connectionServiceName)
self.assertNotIn(
internet.SSLServer,
[s.__class__ for s in service.services]
)
def test_noHTTP(self):
"""
Test the single service to make sure there is no TCPServer when
HTTPPort is not configured
"""
# Note: the listeners are bundled within a MultiService named "ConnectionService"
service = CalDAVServiceMaker().makeService(self.options)
service = service.getServiceNamed(CalDAVService.connectionServiceName)
self.assertNotIn(
internet.TCPServer,
[s.__class__ for s in service.services]
)
def test_storeQueuerSetInMaster(self):
"""
In the master, the store's queuer should be set to a
L{PeerConnectionPool}, so that work can be distributed to other
processes.
"""
class NotAStore(object):
queuer = LocalQueuer(None)
def __init__(self, directory):
self.directory = directory
def newTransaction(self):
return None
def callWithNewTransactions(self, x):
pass
def directoryService(self):
return self.directory
store = NotAStore(self.directory)
def something(proposal):
pass
store.queuer.callWithNewProposals(something)
def patch(maker):
def storageServiceStandIn(createMainService,
logObserver,
uid=None,
gid=None,
directory=None):
pool = None
logObserver = None
storageService = None
svc = createMainService(pool, store, logObserver,
storageService)
multi = MultiService()
svc.setServiceParent(multi)
return multi
self.patch(maker, "storageService", storageServiceStandIn)
return maker
maker = CalDAVServiceMaker()
maker = patch(maker)
maker.makeService(self.options)
self.assertIsInstance(store.queuer, PeerConnectionPool)
self.assertIn(something, store.queuer.proposalCallbacks)
def test_storeQueuerSetInMaster(self):
"""
In the master, the store's queuer should be set to a
L{PeerConnectionPool}, so that work can be distributed to other
processes.
"""
class NotAStore(object):
queuer = LocalQueuer(None)
def __init__(self, directory):
self.directory = directory
def newTransaction(self):
return None
def callWithNewTransactions(self, x):
pass
def directoryService(self):
return self.directory
store = NotAStore(self.directory)
def something(proposal):
pass
store.queuer.callWithNewProposals(something)
def patch(maker):
def storageServiceStandIn(createMainService, logObserver,
uid=None, gid=None, directory=None):
pool = None
logObserver = None
storageService = None
svc = createMainService(
pool, store, logObserver, storageService
)
multi = MultiService()
svc.setServiceParent(multi)
return multi
self.patch(maker, "storageService", storageServiceStandIn)
return maker
maker = CalDAVServiceMaker()
maker = patch(maker)
maker.makeService(self.options)
self.assertIsInstance(store.queuer, PeerConnectionPool)
self.assertIn(something, store.queuer.proposalCallbacks)
def test_defaultListeners(self):
"""
Test that the Slave service has sub services with the
default TCP and SSL configuration
"""
# Note: the listeners are bundled within a MultiService named "ConnectionService"
service = CalDAVServiceMaker().makeService(self.options)
service = service.getServiceNamed(CalDAVService.connectionServiceName)
expectedSubServices = dict((
(MaxAcceptTCPServer, config.HTTPPort),
(MaxAcceptSSLServer, config.SSLPort),
))
configuredSubServices = [(s.__class__, getattr(s, 'args', None))
for s in service.services]
checked = 0
for serviceClass, serviceArgs in configuredSubServices:
if serviceClass in expectedSubServices:
checked += 1
self.assertEquals(
serviceArgs[0],
dict(expectedSubServices)[serviceClass]
)
# TCP+SSL services for each bind address
self.assertEquals(checked, 2 * len(config.BindAddresses))
def test_SSLKeyConfiguration(self):
"""
Test that the configuration of the SSLServer reflect the config file's
SSL Private Key and SSL Certificate
"""
# Note: the listeners are bundled within a MultiService named "ConnectionService"
service = CalDAVServiceMaker().makeService(self.options)
service = service.getServiceNamed(CalDAVService.connectionServiceName)
sslService = None
for s in service.services:
if isinstance(s, internet.SSLServer):
sslService = s
break
self.failIf(sslService is None, "No SSL Service found")
context = sslService.args[2]
self.assertEquals(
config.SSLPrivateKey,
context.privateKeyFileName
)
self.assertEquals(
config.SSLCertificate,
context.certificateFileName,
)
def test_defaultService(self):
"""
Test the value of a Slave service in it's simplest
configuration.
"""
service = CalDAVServiceMaker().makeService(self.options)
self.failUnless(IService(service),
"%s does not provide IService" % (service, ))
self.failUnless(service.services, "No services configured")
self.failUnless(isinstance(service, CalDAVService),
"%s is not a CalDAVService" % (service, ))
def test_processMonitor(self):
"""
In the master, there should be exactly one
L{DelayedStartupProcessMonitor} in the service hierarchy so that it
will be started by startup.
"""
self.assertEquals(
1,
len(
list(
inServiceHierarchy(
CalDAVServiceMaker().makeService(self.options), lambda
x: isinstance(x, DelayedStartupProcessMonitor)))))
def test_memcacheINET(self):
"""
Spawn a memcached process listening on a network socket that becomes
connectable in no more than one second. Interact with it.
"""
self.patch(config.Memcached.Pools.Default, "MemcacheSocket", "")
ba = config.Memcached.Pools.Default.BindAddress
bp = config.Memcached.Pools.Default.Port
CalDAVServiceMaker()._spawnMemcached(monitor=self.monitor)
sleep(1)
mc = memcacheclient.Client(["{}:{}".format(ba, bp)], debug=1)
rando = random.random()
mc.set("the_password", rando)
self.assertEquals(rando, mc.get("the_password"))
mc.disconnect_all()
def test_memcacheUnix(self):
"""
Spawn a memcached process listening on a unix socket that becomes
connectable in no more than one second. Connect and interact.
Verify secure file permissions on the socket file.
"""
self.patch(config.Memcached.Pools.Default, "MemcacheSocket", self.socket)
CalDAVServiceMaker()._spawnMemcached(monitor=self.monitor)
sleep(1)
mc = memcacheclient.Client(["unix:{}".format(self.socket)], debug=1)
rando = random.random()
mc.set("the_answer", rando)
self.assertEquals(rando, mc.get("the_answer"))
# The socket file should not be usable to other users
st = os.stat(self.socket)
self.assertTrue(str(oct(st.st_mode)).endswith("00"))
mc.disconnect_all()
def customServiceMaker():
customService = CalDAVServiceMaker()
customService.doPostImport = options["postprocess"]
return customService
def customServiceMaker():
customService = CalDAVServiceMaker()
customService.doPostImport = options["postprocess"]
return customService
def test_makeService(self):
CalDAVServiceMaker().makeService(self.options)
def test_makeService(self):
self.assertRaises(UsageError,
CalDAVServiceMaker().makeService, self.options)
