Introduce proxy-verifier to AuTests

.gitignore

@@ -193,6 +193,7 @@ RELEASE
 
 # autest
 tests/env-test/
+tests/proxy-verifier
 tests/Pipfile.lock
 tests/gold_tests/chunked_encoding/smuggle-client
 tests/gold_tests/tls/ssl-post

tests/autest.sh

@@ -1,4 +1,5 @@
 #!/bin/bash
+# vim: sw=4:ts=4:softtabstop=4:ai:et
 
 #  Licensed to the Apache Software Foundation (ASF) under one
 #  or more contributor license agreements.  See the NOTICE file
@@ -16,9 +17,10 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 
+./prepare_proxy_verifier.sh
 pushd $(dirname $0) > /dev/null
 export PYTHONPATH=$(pwd):$PYTHONPATH
-./test-env-check.sh;
+./test-env-check.sh
 # this is for rhel or centos systems
 echo "Environment config finished. Running AuTest..."
 pipenv run autest -D gold_tests "$@"

tests/gold_tests/autest-site/init.cli.ext

@@ -39,3 +39,7 @@ Settings.path_argument(["--ats-bin"],
 Settings.path_argument(["--build-root"],
                        required=False,
                        help="The location of the build root for out of source builds")
+
+Settings.path_argument(["--proxy-verifier-bin"],
+                       required=False,
+                       help="A location for system proxy-verifier binaries to test with.")

tests/gold_tests/autest-site/setup.cli.ext

@@ -21,6 +21,10 @@ import os
 from os.path import dirname
 import pprint
 import subprocess
+import shutil
+
+test_root = dirname(dirname(AutestSitePath))
+repo_root = dirname(test_root)
 
 if Arguments.ats_bin is not None:
     # Add environment variables
@@ -30,10 +34,40 @@ if Arguments.build_root is not None:
     ENV['BUILD_ROOT'] = Arguments.build_root
 else:
     # Assume the build root is the same directory tree as the test location.
-    ENV['BUILD_ROOT'] = dirname(dirname(dirname(AutestSitePath)))
+    ENV['BUILD_ROOT'] = repo_root
 
 host.WriteVerbose(['ats'], "Test build root: {}:".format(ENV['BUILD_ROOT']))
 
+if Arguments.proxy_verifier_bin is not None:
+    ENV['VERIFIER_BIN'] = Arguments.proxy_verifier_bin
+    host.WriteVerbose(
+        ['ats'],
+        "Expecting Proxy Verifier to be in user-supplied bin path: ",
+        ENV['VERIFIER_BIN'])
+else:
+    # No Verifier bin path was specified. First see if a Proxy Verifier was
+    # unpacked as a part of preparing for this test.
+    unpack_bin = os.path.join(test_root, 'proxy-verifier', 'unpack', 'bin')
+    if os.path.exists(os.path.join(unpack_bin, 'verifier-client')):
+        ENV['VERIFIER_BIN'] = unpack_bin
+        host.WriteVerbose(
+            ['ats'],
+            "Using locally unpacked Proxy Verifier: ",
+            ENV['VERIFIER_BIN'])
+    else:
+        # Finally check the PATH.
+        path_search = shutil.which('verifier-client')
+        if path_search is not None:
+            ENV['VERIFIER_BIN'] = dirname(path_search)
+            host.WriteVerbose(
+                ['ats'],
+                "Using Proxy Verifier found in PATH: ",
+                ENV['VERIFIER_BIN'])
+        else:
+            prepare_proxy_verifier_path = os.path.join(test_root, "prepare_proxy_verifier.sh")
+            host.WriteError("Could not find Proxy Verifier binaries. "
+                            "Try running: ", prepare_proxy_verifier_path)
+
 if ENV['ATS_BIN'] is not None:
     # Add variables for Tests
     traffic_layout = os.path.join(ENV['ATS_BIN'], "traffic_layout")
@@ -91,6 +125,7 @@ if ENV['ATS_BIN'] is not None:
 
 Variables.AtsExampleDir = os.path.join(AutestSitePath, '..', '..', '..', 'example')
 Variables.AtsTestToolsDir = os.path.join(AutestSitePath, '..', '..', 'tools')
+Variables.VerifierBinPath = ENV['VERIFIER_BIN']
 Variables.BuildRoot = ENV['BUILD_ROOT']
 Variables.AtsTestPluginsDir = os.path.join(Variables.BuildRoot, 'tests', 'tools', 'plugins', '.libs')
 Variables.AtsBuildGoldTestsDir = os.path.join(Variables.BuildRoot, 'tests', 'gold_tests')

tests/gold_tests/autest-site/verifier_client.test.ext

@@ -0,0 +1,155 @@
+'''
+Implement the Proxy Verifier client extensions.
+'''
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+
+import os
+from verifier_common import create_address_argument
+
+
+def _configure_client(obj, process, name, replay_path, http_ports=None,
+                      https_ports=None, keys=None, ssl_cert='', ca_cert='',
+                      other_args='--verbose diag'):
+    """
+    Configure the process for running the verifier-client.
+
+    Args:
+        obj: An object that has a RunDirectory attribute.
+
+        process: (Process) The test process to configure for verifier-client.
+
+        See AddVerifierClientProcess for a description of all other arguments.
+    """
+
+    # Create the directory we will setup for the replay binaries to run under.
+    client_dir = os.path.join(obj.RunDirectory, name)
+
+    # Create a link of the binary to the rundir and set up the PATH variable.
+    # This will be the verifier-client that gets run.
+    bin_dir = 'bin'
+    process.Env['CLIENT_BIN_PATH'] = bin_dir
+    bin_path = os.path.join(client_dir, bin_dir)
+    process.Env['PATH'] = bin_path + os.pathsep + process.ComposeEnv()['PATH']
+    process.Setup.Copy(process.Variables.VerifierBinPath, bin_path, CopyLogic.SoftFiles)
+
+    if http_ports is None and https_ports is None:
+        raise ValueError("http_ports and/or https_ports must be supplied.")
+
+    # Configure the verifier-client command line arguments.
+    command = "verifier-client run "
+    if replay_path:
+        # Create a copy of the replay directory in the run directory.
+        run_replay_path = os.path.join(client_dir, os.path.basename(replay_path))
+        process.Setup.Copy(replay_path, run_replay_path, CopyLogic.SoftFiles)
+        command += " {} ".format(run_replay_path)
+
+    if not http_ports:
+        http_ports = [8080]
+    if http_ports:
+        command += create_address_argument(http_ports)
+        command += " "
+
+    if not https_ports:
+        https_ports = [4443]
+    if https_ports:
+        command += create_address_argument(https_ports)
+        command += " "
+
+        if ssl_cert == '':
+            ssl_cert = os.path.join(obj.Variables["AtsTestToolsDir"],
+                                    "proxy-verifier", "ssl", "client.pem")
+
+            if not os.path.isfile(ssl_cert):
+                raise ValueError("Tried to use '{}' for --client-cert, but it is not "
+                                 "a valid file.".format(ssl_cert))
+        if ssl_cert:
+            run_ssl_cert = ssl_cert
+            if os.path.isfile(ssl_cert):
+                run_ssl_cert = os.path.join(client_dir, os.path.basename(ssl_cert))
+                process.Setup.Copy(ssl_cert, run_ssl_cert, CopyLogic.SoftFiles)
+            command += ' --client-cert "{}" '.format(run_ssl_cert)
+
+        if ca_cert == '':
+            ca_cert = os.path.join(obj.Variables["AtsTestToolsDir"],
+                                   "proxy-verifier", "ssl", "ca.pem")
+
+            if not os.path.isfile(ca_cert):
+                raise ValueError("Tried to use '{}' for --ca-certs, but it is not "
+                                 "a valid file.".format(ca_cert))
+        if ca_cert:
+            run_ca_cert = ca_cert
+            if os.path.isfile(ca_cert):
+                run_ca_cert = os.path.join(client_dir, os.path.basename(ca_cert))
+                process.Setup.Copy(ca_cert, run_ca_cert, CopyLogic.SoftFiles)
+            command += ' --ca-certs "{}" '.format(run_ca_cert)
+
+    if other_args:
+        command += " {}".format(other_args)
+
+    if keys is not None:
+        command += " --keys {}".format(keys)
+
+    process.Command = command
+    process.ReturnCode = 0
+
+    process.Streams.stdout = Testers.ExcludesExpression(
+        "Violation|Invalid status",
+        "There should be no Proxy Verifier violation errors.")
+
+
+def AddVerifierClientProcess(run, name, replay_path, http_ports=None,
+                             https_ports=None, keys=None, ssl_cert='', ca_cert='',
+                             other_args='--verbose diag'):
+    """
+    Set the Default process of the test run to a verifier-client Process.
+
+    Args:
+        run: (TestRun) The test run to which the client process is added.
+
+        name: (str) The name to apply to this particular verifier-client instance.
+            Individual verifier-client processes must have unique names to
+            distinguish between them.
+
+        replay_path: (path) The file or directory containing the traffic replay
+            specification.
+
+        http_ports: (list of ints) The set of HTTP ports to connect on.
+
+        https_ports: (list of ints) The set of HTTPS ports to connect on.
+
+        ssl_cert: (path) The location of the cert for HTTPS encryption. If this
+            is not provided and stock ssl_cert will be used.
+
+        ca_cert: (path) The location of the CA for HTTPS encryption. If this
+            is not provided a stock CA will be used.
+
+        other_args: (str) Any other arbitrary options to pass to verifier-client.
+
+    Returns:
+        The newly constructed verifier-client for the test run, which is also the
+        Default Process of the test run.
+    """
+
+    p = run.Processes.Default
+    _configure_client(run, p, name, replay_path, http_ports, https_ports,
+                      keys, ssl_cert, ca_cert, other_args)
+    return p
+
+
+##########################################################################
+ExtendTestRun(AddVerifierClientProcess, name="AddVerifierClientProcess")

tests/gold_tests/autest-site/verifier_common.py

@@ -0,0 +1,35 @@
+'''
+Common utilities for the Proxy Verifier extensions.
+'''
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+
+def create_address_argument(ports):
+    """
+    >>> create_address_argument([8080, 8081])
+    '"127.0.0.1:8080,127.0.0.1:8081"'
+    """
+    is_first = True
+    argument = '"'
+    for port in ports:
+        if is_first:
+            is_first = False
+        else:
+            argument += ','
+        argument += "127.0.0.1:{}".format(port)
+    argument += '"'
+    return argument