-
Notifications
You must be signed in to change notification settings - Fork 350
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
adds integration test for manual https certs
- Loading branch information
Showing
2 changed files
with
88 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| """pytest fixtures""" | ||
|
|
||
| import os | ||
|
|
||
| from pytest import fixture | ||
|
|
||
| from tljh.config import CONFIG_FILE, reload_component | ||
|
|
||
|
|
||
| @fixture | ||
| def preserve_config(request): | ||
| """Fixture to save and restore config around tests""" | ||
| if os.path.exists(CONFIG_FILE): | ||
| with open(CONFIG_FILE) as f: | ||
| save_config = f.read() | ||
| else: | ||
| save_config = None | ||
| try: | ||
| yield | ||
| finally: | ||
| if save_config: | ||
| with open(CONFIG_FILE, "w") as f: | ||
| f.write(save_config) | ||
| elif os.path.exists(CONFIG_FILE): | ||
| os.remove(CONFIG_FILE) | ||
| reload_component("hub") | ||
| reload_component("proxy") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| """tests for the proxy""" | ||
| import os | ||
| import shutil | ||
| import ssl | ||
| from subprocess import Popen | ||
| import time | ||
|
|
||
| import requests | ||
|
|
||
| from tljh.config import reload_component, set_config_value, CONFIG_FILE | ||
|
|
||
|
|
||
| def test_manual_https(preserve_config): | ||
| ssl_dir = "/etc/tljh-ssl-test" | ||
| key = ssl_dir + "/ssl.key" | ||
| cert = ssl_dir + "/ssl.cert" | ||
| os.makedirs(ssl_dir, exist_ok=True) | ||
| os.chmod(ssl_dir, 0o600) | ||
| # generate key and cert | ||
| Popen( | ||
| [ | ||
| "openssl", | ||
| "req", | ||
| "-nodes", | ||
| "-newkey", | ||
| "rsa:2048", | ||
| "-keyout", | ||
| key, | ||
| "-x509", | ||
| "-days", | ||
| "1", | ||
| "-out", | ||
| cert, | ||
| "-subj", | ||
| "/CN=tljh.jupyer.org", | ||
| ] | ||
| ) | ||
| set_config_value(CONFIG_FILE, "https.enabled", True) | ||
| set_config_value(CONFIG_FILE, "https.tls.key", key) | ||
| set_config_value(CONFIG_FILE, "https.tls.cert", cert) | ||
| reload_component("proxy") | ||
| for i in range(10): | ||
| time.sleep(i) | ||
| try: | ||
| server_cert = ssl.get_server_certificate(("127.0.0.1", 443)) | ||
| except Exception as e: | ||
| print(e) | ||
| else: | ||
| break | ||
| with open(cert) as f: | ||
| file_cert = f.read() | ||
|
|
||
| # verify that our certificate was loaded by traefik | ||
| assert server_cert == file_cert | ||
|
|
||
| # verify that we can still connect to the hub | ||
| r = requests.get("https://127.0.0.1/hub/api", verify=False) | ||
| r.raise_for_status() | ||
|
|
||
| # cleanup | ||
| shutil.rmtree(ssl_dir) |