Add unit tests for sslutils

Change-Id: I964b8a228eb4d2ad1668f867f4b01a1cc6700522

oslo_service/tests/base.py

@@ -16,6 +16,7 @@ from oslo_config import fixture as config
 from oslotest import base as test_base
 
 from oslo_service import _options
+from oslo_service import sslutils
 
 
 class ServiceBaseTestCase(test_base.BaseTestCase):
@@ -25,7 +26,8 @@ class ServiceBaseTestCase(test_base.BaseTestCase):
         self.conf_fixture = self.useFixture(config.Config())
         self.conf_fixture.register_opts(_options.eventlet_backdoor_opts)
         self.conf_fixture.register_opts(_options.service_opts)
-        self.conf_fixture.register_opts(_options.ssl_opts)
+        self.conf_fixture.register_opts(_options.ssl_opts,
+                                        sslutils.config_section)
         self.conf_fixture.register_opts(_options.periodic_opts)
 
         self.conf = self.conf_fixture.conf

oslo_service/tests/test_sslutils.py

@@ -0,0 +1,109 @@
+# Copyright 2015 Mirantis, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import mock
+import os
+import ssl
+
+from oslo_config import cfg
+
+from oslo_service import sslutils
+from oslo_service.tests import base
+
+
+CONF = cfg.CONF
+
+SSL_CERT_DIR = os.path.normpath(os.path.join(
+                                os.path.dirname(os.path.abspath(__file__)),
+                                'ssl_cert'))
+
+
+class SslutilsTestCase(base.ServiceBaseTestCase):
+    """Test cases for sslutils."""
+
+    def setUp(self):
+        super(SslutilsTestCase, self).setUp()
+        self.cert_file_name = os.path.join(SSL_CERT_DIR, 'certificate.crt')
+        self.key_file_name = os.path.join(SSL_CERT_DIR, 'privatekey.key')
+        self.ca_file_name = os.path.join(SSL_CERT_DIR, 'ca.crt')
+
+    @mock.patch("exceptions.RuntimeError")
+    @mock.patch("os.path.exists")
+    def test_is_enabled(self, exists_mock, runtime_error_mock):
+        exists_mock.return_value = True
+        self.conf.set_default("cert_file", self.cert_file_name,
+                              group=sslutils.config_section)
+        self.conf.set_default("key_file", self.key_file_name,
+                              group=sslutils.config_section)
+        self.conf.set_default("ca_file", self.ca_file_name,
+                              group=sslutils.config_section)
+        sslutils.is_enabled(self.conf)
+        self.assertFalse(runtime_error_mock.called)
+
+    @mock.patch("os.path.exists")
+    def test_is_enabled_no_ssl_cert_file_fails(self, exists_mock):
+        exists_mock.side_effect = [False]
+        self.conf.set_default("cert_file", "/no/such/file",
+                              group=sslutils.config_section)
+        self.assertRaises(RuntimeError, sslutils.is_enabled, self.conf)
+
+    @mock.patch("os.path.exists")
+    def test_is_enabled_no_ssl_key_file_fails(self, exists_mock):
+        exists_mock.side_effect = [True, False]
+        self.conf.set_default("cert_file", self.cert_file_name,
+                              group=sslutils.config_section)
+        self.conf.set_default("key_file", "/no/such/file",
+                              group=sslutils.config_section)
+        self.assertRaises(RuntimeError, sslutils.is_enabled, self.conf)
+
+    @mock.patch("os.path.exists")
+    def test_is_enabled_no_ssl_ca_file_fails(self, exists_mock):
+        exists_mock.side_effect = [True, True, False]
+        self.conf.set_default("cert_file", self.cert_file_name,
+                              group=sslutils.config_section)
+        self.conf.set_default("key_file", self.key_file_name,
+                              group=sslutils.config_section)
+        self.conf.set_default("ca_file", "/no/such/file",
+                              group=sslutils.config_section)
+        self.assertRaises(RuntimeError, sslutils.is_enabled, self.conf)
+
+    @mock.patch("ssl.wrap_socket")
+    @mock.patch("os.path.exists")
+    def _test_wrap(self, exists_mock, wrap_socket_mock, **kwargs):
+        exists_mock.return_value = True
+        sock = mock.Mock()
+        self.conf.set_default("cert_file", self.cert_file_name,
+                              group=sslutils.config_section)
+        self.conf.set_default("key_file", self.key_file_name,
+                              group=sslutils.config_section)
+        ssl_kwargs = {'server_side': True,
+                      'certfile': self.conf.ssl.cert_file,
+                      'keyfile': self.conf.ssl.key_file,
+                      'cert_reqs': ssl.CERT_NONE,
+                      }
+        if kwargs:
+            ssl_kwargs.update(**kwargs)
+        sslutils.wrap(self.conf, sock)
+        wrap_socket_mock.assert_called_once_with(sock, **ssl_kwargs)
+
+    def test_wrap(self):
+        self._test_wrap()
+
+    def test_wrap_ca_file(self):
+        self.conf.set_default("ca_file", self.ca_file_name,
+                              group=sslutils.config_section)
+        ssl_kwargs = {'ca_certs': self.conf.ssl.ca_file,
+                      'cert_reqs': ssl.CERT_REQUIRED
+                      }
+        self._test_wrap(**ssl_kwargs)