From 3e4fa1e2022970dee003bea0932ea0c10f8744ba Mon Sep 17 00:00:00 2001 From: Andrei Zeliankou Date: Thu, 25 May 2023 14:26:12 +0100 Subject: Tests: removed unused variables. --- test/test_tls_conf_command.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'test/test_tls_conf_command.py') diff --git a/test/test_tls_conf_command.py b/test/test_tls_conf_command.py index 605848ea..f2238574 100644 --- a/test/test_tls_conf_command.py +++ b/test/test_tls_conf_command.py @@ -8,7 +8,7 @@ class TestTLSConfCommand(TestApplicationTLS): prerequisites = {'modules': {'openssl': 'any'}} @pytest.fixture(autouse=True) - def setup_method_fixture(self, request): + def setup_method_fixture(self): self.certificate() assert 'success' in self.conf( @@ -35,7 +35,7 @@ class TestTLSConfCommand(TestApplicationTLS): # Set one conf_commands (disable protocol). - (resp, sock) = self.get_ssl(start=True) + (_, sock) = self.get_ssl(start=True) shared_ciphers = sock.shared_ciphers() protocols = list(set(c[1] for c in shared_ciphers)) @@ -55,7 +55,7 @@ class TestTLSConfCommand(TestApplicationTLS): sock.close() if len(protocols) > 1: - (resp, sock) = self.get_ssl(start=True) + (_, sock) = self.get_ssl(start=True) cipher = sock.cipher() assert cipher[1] != protocol, 'new protocol used' @@ -82,7 +82,7 @@ class TestTLSConfCommand(TestApplicationTLS): ), 'cipher disabled' if len(ciphers) > 1: - (resp, sock) = self.get_ssl(start=True) + (_, sock) = self.get_ssl(start=True) cipher_new = sock.cipher() assert cipher_new[1] == cipher[1], 'previous protocol used' -- cgit From ce2405ec3dd97e8bdf8f63312e3c6ce59ef562d4 Mon Sep 17 00:00:00 2001 From: Andrei Zeliankou Date: Mon, 12 Jun 2023 14:16:59 +0100 Subject: Tests: prerequisites checking reworked. Prerequisites check moved to the module level to simplify class structure. Discovery and prerequisites checks functions moved to the separate files. Introduced "require" fixture to provide per-test requirements check. --- test/test_tls_conf_command.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test/test_tls_conf_command.py') diff --git a/test/test_tls_conf_command.py b/test/test_tls_conf_command.py index f2238574..a7500551 100644 --- a/test/test_tls_conf_command.py +++ b/test/test_tls_conf_command.py @@ -3,10 +3,10 @@ import ssl import pytest from unit.applications.tls import TestApplicationTLS +prerequisites = {'modules': {'openssl': 'any'}} -class TestTLSConfCommand(TestApplicationTLS): - prerequisites = {'modules': {'openssl': 'any'}} +class TestTLSConfCommand(TestApplicationTLS): @pytest.fixture(autouse=True) def setup_method_fixture(self): self.certificate() -- cgit From c183bd8749a19477390f8cb77efe5f6d223f0905 Mon Sep 17 00:00:00 2001 From: Andrei Zeliankou Date: Wed, 14 Jun 2023 18:20:09 +0100 Subject: Tests: get rid of classes in test files. Class usage came from the unittest framework and it was always redundant after migration to the pytest. This commit removes classes from files containing tests to make them more readable and understandable. --- test/test_tls_conf_command.py | 165 +++++++++++++++++++++--------------------- 1 file changed, 84 insertions(+), 81 deletions(-) (limited to 'test/test_tls_conf_command.py') diff --git a/test/test_tls_conf_command.py b/test/test_tls_conf_command.py index a7500551..d48efe64 100644 --- a/test/test_tls_conf_command.py +++ b/test/test_tls_conf_command.py @@ -1,111 +1,114 @@ import ssl import pytest -from unit.applications.tls import TestApplicationTLS +from unit.applications.tls import ApplicationTLS prerequisites = {'modules': {'openssl': 'any'}} +client = ApplicationTLS() -class TestTLSConfCommand(TestApplicationTLS): - @pytest.fixture(autouse=True) - def setup_method_fixture(self): - self.certificate() - assert 'success' in self.conf( - { - "listeners": { - "*:7080": { - "pass": "routes", - "tls": {"certificate": "default"}, - } - }, - "routes": [{"action": {"return": 200}}], - "applications": {}, - } - ), 'load application configuration' +@pytest.fixture(autouse=True) +def setup_method_fixture(): + client.certificate() - def test_tls_conf_command(self): - def check_no_connection(): - try: - self.get_ssl() - pytest.fail('Unexpected connection.') + assert 'success' in client.conf( + { + "listeners": { + "*:7080": { + "pass": "routes", + "tls": {"certificate": "default"}, + } + }, + "routes": [{"action": {"return": 200}}], + "applications": {}, + } + ), 'load application configuration' - except (ssl.SSLError, ConnectionRefusedError): - pass - # Set one conf_commands (disable protocol). +def test_tls_conf_command(): + def check_no_connection(): + try: + client.get_ssl() + pytest.fail('Unexpected connection.') - (_, sock) = self.get_ssl(start=True) + except (ssl.SSLError, ConnectionRefusedError): + pass - shared_ciphers = sock.shared_ciphers() - protocols = list(set(c[1] for c in shared_ciphers)) - protocol = sock.cipher()[1] + # Set one conf_commands (disable protocol). - if '/' in protocol: - pytest.skip('Complex protocol format.') + (_, sock) = client.get_ssl(start=True) - assert 'success' in self.conf( - { - "certificate": "default", - "conf_commands": {"protocol": f'-{protocol}'}, - }, - 'listeners/*:7080/tls', - ), 'protocol disabled' + shared_ciphers = sock.shared_ciphers() + protocols = list(set(c[1] for c in shared_ciphers)) + protocol = sock.cipher()[1] - sock.close() + if '/' in protocol: + pytest.skip('Complex protocol format.') - if len(protocols) > 1: - (_, sock) = self.get_ssl(start=True) + assert 'success' in client.conf( + { + "certificate": "default", + "conf_commands": {"protocol": f'-{protocol}'}, + }, + 'listeners/*:7080/tls', + ), 'protocol disabled' - cipher = sock.cipher() - assert cipher[1] != protocol, 'new protocol used' + sock.close() - shared_ciphers = sock.shared_ciphers() - ciphers = list(set(c for c in shared_ciphers if c[1] == cipher[1])) + if len(protocols) > 1: + (_, sock) = client.get_ssl(start=True) - sock.close() - else: - check_no_connection() - pytest.skip('One TLS protocol available only.') + cipher = sock.cipher() + assert cipher[1] != protocol, 'new protocol used' - # Set two conf_commands (disable protocol and cipher). + shared_ciphers = sock.shared_ciphers() + ciphers = list(set(c for c in shared_ciphers if c[1] == cipher[1])) - assert 'success' in self.conf( - { - "certificate": "default", - "conf_commands": { - "protocol": f'-{protocol}', - "cipherstring": f"{cipher[1]}:!{cipher[0]}", - }, + sock.close() + else: + check_no_connection() + pytest.skip('One TLS protocol available only.') + + # Set two conf_commands (disable protocol and cipher). + + assert 'success' in client.conf( + { + "certificate": "default", + "conf_commands": { + "protocol": f'-{protocol}', + "cipherstring": f"{cipher[1]}:!{cipher[0]}", }, - 'listeners/*:7080/tls', - ), 'cipher disabled' + }, + 'listeners/*:7080/tls', + ), 'cipher disabled' - if len(ciphers) > 1: - (_, sock) = self.get_ssl(start=True) + if len(ciphers) > 1: + (_, sock) = client.get_ssl(start=True) - cipher_new = sock.cipher() - assert cipher_new[1] == cipher[1], 'previous protocol used' - assert cipher_new[0] != cipher[0], 'new cipher used' + cipher_new = sock.cipher() + assert cipher_new[1] == cipher[1], 'previous protocol used' + assert cipher_new[0] != cipher[0], 'new cipher used' - sock.close() + sock.close() - else: - check_no_connection() + else: + check_no_connection() - def test_tls_conf_command_invalid(self, skip_alert): - skip_alert(r'SSL_CONF_cmd', r'failed to apply new conf') - def check_conf_commands(conf_commands): - assert 'error' in self.conf( - {"certificate": "default", "conf_commands": conf_commands}, - 'listeners/*:7080/tls', - ), 'ivalid conf_commands' +def test_tls_conf_command_invalid(skip_alert): + skip_alert(r'SSL_CONF_cmd', r'failed to apply new conf') - check_conf_commands([]) - check_conf_commands("blah") - check_conf_commands({"": ""}) - check_conf_commands({"blah": ""}) - check_conf_commands({"protocol": {}}) - check_conf_commands({"protocol": "blah"}) - check_conf_commands({"protocol": "TLSv1.2", "blah": ""}) + def check_conf_commands(conf_commands): + assert 'error' in client.conf( + {"certificate": "default", "conf_commands": conf_commands}, + 'listeners/*:7080/tls', + ), 'ivalid conf_commands' + + check_conf_commands([]) + check_conf_commands("blah") + check_conf_commands({"": ""}) + check_conf_commands({"blah": ""}) + check_conf_commands({"protocol": {}}) + check_conf_commands({"protocol": "blah"}) + check_conf_commands({"protocol": "TLSv1.2", "blah": ""}) -- cgit From 075c6a7038c9a4b2d5a9e6279bf406c83ccc8d27 Mon Sep 17 00:00:00 2001 From: Andrei Zeliankou Date: Mon, 10 Jul 2023 15:24:15 +0100 Subject: Tests: check TLS methods availability more carefully. --- test/test_tls_conf_command.py | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'test/test_tls_conf_command.py') diff --git a/test/test_tls_conf_command.py b/test/test_tls_conf_command.py index d48efe64..49df7bf3 100644 --- a/test/test_tls_conf_command.py +++ b/test/test_tls_conf_command.py @@ -40,6 +40,10 @@ def test_tls_conf_command(): (_, sock) = client.get_ssl(start=True) shared_ciphers = sock.shared_ciphers() + + if not shared_ciphers: + pytest.skip('no shared ciphers') + protocols = list(set(c[1] for c in shared_ciphers)) protocol = sock.cipher()[1] -- cgit