From af6d24196a8133c3243abb934eddc2677d5b3180 Mon Sep 17 00:00:00 2001 From: Elena Ezhova Date: Fri, 25 Sep 2015 16:49:27 +0300 Subject: [PATCH] Add unit tests for sslutils Change-Id: I964b8a228eb4d2ad1668f867f4b01a1cc6700522 --- oslo_service/tests/base.py | 4 +- oslo_service/tests/test_sslutils.py | 109 ++++++++++++++++++++++++++++ 2 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 oslo_service/tests/test_sslutils.py diff --git a/oslo_service/tests/base.py b/oslo_service/tests/base.py index 33243a96..0236e0fd 100644 --- a/oslo_service/tests/base.py +++ b/oslo_service/tests/base.py @@ -16,6 +16,7 @@ from oslo_config import fixture as config from oslotest import base as test_base from oslo_service import _options +from oslo_service import sslutils class ServiceBaseTestCase(test_base.BaseTestCase): @@ -25,7 +26,8 @@ class ServiceBaseTestCase(test_base.BaseTestCase): self.conf_fixture = self.useFixture(config.Config()) self.conf_fixture.register_opts(_options.eventlet_backdoor_opts) self.conf_fixture.register_opts(_options.service_opts) - self.conf_fixture.register_opts(_options.ssl_opts) + self.conf_fixture.register_opts(_options.ssl_opts, + sslutils.config_section) self.conf_fixture.register_opts(_options.periodic_opts) self.conf = self.conf_fixture.conf diff --git a/oslo_service/tests/test_sslutils.py b/oslo_service/tests/test_sslutils.py new file mode 100644 index 00000000..1cc5ec07 --- /dev/null +++ b/oslo_service/tests/test_sslutils.py @@ -0,0 +1,109 @@ +# Copyright 2015 Mirantis, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import mock +import os +import ssl + +from oslo_config import cfg + +from oslo_service import sslutils +from oslo_service.tests import base + + +CONF = cfg.CONF + +SSL_CERT_DIR = os.path.normpath(os.path.join( + os.path.dirname(os.path.abspath(__file__)), + 'ssl_cert')) + + +class SslutilsTestCase(base.ServiceBaseTestCase): + """Test cases for sslutils.""" + + def setUp(self): + super(SslutilsTestCase, self).setUp() + self.cert_file_name = os.path.join(SSL_CERT_DIR, 'certificate.crt') + self.key_file_name = os.path.join(SSL_CERT_DIR, 'privatekey.key') + self.ca_file_name = os.path.join(SSL_CERT_DIR, 'ca.crt') + + @mock.patch("exceptions.RuntimeError") + @mock.patch("os.path.exists") + def test_is_enabled(self, exists_mock, runtime_error_mock): + exists_mock.return_value = True + self.conf.set_default("cert_file", self.cert_file_name, + group=sslutils.config_section) + self.conf.set_default("key_file", self.key_file_name, + group=sslutils.config_section) + self.conf.set_default("ca_file", self.ca_file_name, + group=sslutils.config_section) + sslutils.is_enabled(self.conf) + self.assertFalse(runtime_error_mock.called) + + @mock.patch("os.path.exists") + def test_is_enabled_no_ssl_cert_file_fails(self, exists_mock): + exists_mock.side_effect = [False] + self.conf.set_default("cert_file", "/no/such/file", + group=sslutils.config_section) + self.assertRaises(RuntimeError, sslutils.is_enabled, self.conf) + + @mock.patch("os.path.exists") + def test_is_enabled_no_ssl_key_file_fails(self, exists_mock): + exists_mock.side_effect = [True, False] + self.conf.set_default("cert_file", self.cert_file_name, + group=sslutils.config_section) + self.conf.set_default("key_file", "/no/such/file", + group=sslutils.config_section) + self.assertRaises(RuntimeError, sslutils.is_enabled, self.conf) + + @mock.patch("os.path.exists") + def test_is_enabled_no_ssl_ca_file_fails(self, exists_mock): + exists_mock.side_effect = [True, True, False] + self.conf.set_default("cert_file", self.cert_file_name, + group=sslutils.config_section) + self.conf.set_default("key_file", self.key_file_name, + group=sslutils.config_section) + self.conf.set_default("ca_file", "/no/such/file", + group=sslutils.config_section) + self.assertRaises(RuntimeError, sslutils.is_enabled, self.conf) + + @mock.patch("ssl.wrap_socket") + @mock.patch("os.path.exists") + def _test_wrap(self, exists_mock, wrap_socket_mock, **kwargs): + exists_mock.return_value = True + sock = mock.Mock() + self.conf.set_default("cert_file", self.cert_file_name, + group=sslutils.config_section) + self.conf.set_default("key_file", self.key_file_name, + group=sslutils.config_section) + ssl_kwargs = {'server_side': True, + 'certfile': self.conf.ssl.cert_file, + 'keyfile': self.conf.ssl.key_file, + 'cert_reqs': ssl.CERT_NONE, + } + if kwargs: + ssl_kwargs.update(**kwargs) + sslutils.wrap(self.conf, sock) + wrap_socket_mock.assert_called_once_with(sock, **ssl_kwargs) + + def test_wrap(self): + self._test_wrap() + + def test_wrap_ca_file(self): + self.conf.set_default("ca_file", self.ca_file_name, + group=sslutils.config_section) + ssl_kwargs = {'ca_certs': self.conf.ssl.ca_file, + 'cert_reqs': ssl.CERT_REQUIRED + } + self._test_wrap(**ssl_kwargs)