[ci skip]: Update v9.3.1 branch for MQ 9.3.1.0-r2 (#350)

* Update MQ version to 9.3.1.0-r2 * First part of the changes for SSLKEYR (#328) * Squashed all commits * Addressed review comments * Fix JMS test build issue (#340) * Fix JMS test build issue * Remove ciphername where not required * Fix issue1766 and add test case (#336) * Fix issue1766 and add test case * Address review comments * Updated copyright year * Resolve merge conflicts * Updating changelog (#346) * Updating changelog * Updating changelog * updated go-version & ubi
2022-11-21 15:02:25 +00:00
parent 4dbdc42ca5
commit e0c3b36b61
16 changed files with 402 additions and 41 deletions
--- a/test/docker/devconfig_test.go
+++ b/test/docker/devconfig_test.go
@@ -1,3 +1,4 @@
+//go:build mqdev
 // +build mqdev

 /*
@@ -51,8 +52,10 @@ func TestDevGoldenPath(t *testing.T) {
 	waitForReady(t, cli, id)
 	waitForWebReady(t, cli, id, insecureTLSConfig)
 	t.Run("JMS", func(t *testing.T) {
-		// Run the JMS tests, with no password specified
-		runJMSTests(t, cli, id, false, "app", defaultAppPasswordOS)
+		// Run the JMS tests, with no password specified.
+		// Use OpenJDK JRE for running testing, pass false for 7th parameter.
+		// Last parameter is blank as the test doesn't use TLS.
+		runJMSTests(t, cli, id, false, "app", defaultAppPasswordOS, "false", "")
 	})
 	t.Run("REST admin", func(t *testing.T) {
 		testRESTAdmin(t, cli, id, insecureTLSConfig)
@@ -115,7 +118,9 @@ func TestDevSecure(t *testing.T) {
 	waitForWebReady(t, cli, ctr.ID, createTLSConfig(t, cert, tlsPassPhrase))

 	t.Run("JMS", func(t *testing.T) {
-		runJMSTests(t, cli, ctr.ID, true, "app", appPassword)
+		// OpenJDK is used for running tests, hence pass "false" for 7th parameter.
+		// Cipher name specified is compliant with non-IBM JRE naming.
+		runJMSTests(t, cli, ctr.ID, true, "app", appPassword, "false", "TLS_RSA_WITH_AES_256_CBC_SHA256")
 	})
 	t.Run("REST admin", func(t *testing.T) {
 		testRESTAdmin(t, cli, ctr.ID, insecureTLSConfig)
@@ -153,7 +158,9 @@ func TestDevWebDisabled(t *testing.T) {
 	})
 	t.Run("JMS", func(t *testing.T) {
 		// Run the JMS tests, with no password specified
-		runJMSTests(t, cli, id, false, "app", defaultAppPasswordOS)
+		// OpenJDK is used for running tests, hence pass "false" for 7th parameter.
+		// Last parameter is blank as the test doesn't use TLS.
+		runJMSTests(t, cli, id, false, "app", defaultAppPasswordOS, "false", "")
 	})
 	// Stop the container cleanly
 	stopContainer(t, cli, id)
@@ -184,3 +191,131 @@ func TestDevConfigDisabled(t *testing.T) {
 	// Stop the container cleanly
 	stopContainer(t, cli, id)
 }
+
+// Test if SSLKEYR and CERTLABL attributes are not set when key and certificate
+// are not supplied.
+func TestSSLKEYRBlank(t *testing.T) {
+	t.Parallel()
+
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	if err != nil {
+		t.Fatal(err)
+	}
+	containerConfig := container.Config{
+		Env: []string{
+			"LICENSE=accept",
+			"MQ_QMGR_NAME=qm1",
+			"MQ_ENABLE_EMBEDDED_WEB_SERVER=false",
+		},
+	}
+	id := runContainerWithPorts(t, cli, &containerConfig, []int{9443})
+	defer cleanContainer(t, cli, id)
+	waitForReady(t, cli, id)
+	// execute runmqsc to display qmgr SSLKEYR and CERTLABL attibutes.
+	// Search the console output for exepcted values
+	_, sslkeyROutput := execContainer(t, cli, id, "", []string{"bash", "-c", "echo 'DISPLAY QMGR SSLKEYR CERTLABL' | runmqsc"})
+	if !strings.Contains(sslkeyROutput, "SSLKEYR( )") && !strings.Contains(sslkeyROutput, "CERTLABL( )") {
+		t.Errorf("Expected SSLKEYR to be blank but it is not; got \"%v\"", sslkeyROutput)
+	}
+
+	// Stop the container cleanly
+	stopContainer(t, cli, id)
+}
+
+// Test if SSLKEYR and CERTLABL attributes are set when key and certificate
+// are supplied.
+func TestSSLKEYRWithSuppliedKeyAndCert(t *testing.T) {
+	t.Parallel()
+
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	containerConfig := container.Config{
+		Env: []string{
+			"LICENSE=accept",
+			"MQ_QMGR_NAME=QM1",
+			"MQ_ENABLE_EMBEDDED_WEB_SERVER=false",
+		},
+		Image: imageName(),
+	}
+	hostConfig := container.HostConfig{
+		Binds: []string{
+			coverageBind(t),
+			tlsDir(t, false) + ":/etc/mqm/pki/keys/default",
+		},
+	}
+	networkingConfig := network.NetworkingConfig{}
+	ctr, err := cli.ContainerCreate(context.Background(), &containerConfig, &hostConfig, &networkingConfig, t.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer cleanContainer(t, cli, ctr.ID)
+	startContainer(t, cli, ctr.ID)
+	waitForReady(t, cli, ctr.ID)
+	// execute runmqsc to display qmgr SSLKEYR and CERTLABL attibutes.
+	// Search the console output for exepcted values
+	_, sslkeyROutput := execContainer(t, cli, ctr.ID, "", []string{"bash", "-c", "echo 'DISPLAY QMGR SSLKEYR CERTLABL' | runmqsc"})
+	if !strings.Contains(sslkeyROutput, "SSLKEYR(/run/runmqserver/tls/key)") && !strings.Contains(sslkeyROutput, "CERTLABL(default)") {
+		t.Errorf("Expected SSLKEYR to be '/run/runmqserver/tls/key' but it is not; got \"%v\"", sslkeyROutput)
+	}
+
+	// Stop the container cleanly
+	stopContainer(t, cli, ctr.ID)
+}
+
+// Test with CA cert
+func TestSSLKEYRWithCACert(t *testing.T) {
+	t.Parallel()
+
+	cli, err := client.NewClientWithOpts(client.FromEnv)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	containerConfig := container.Config{
+		Env: []string{
+			"LICENSE=accept",
+			"MQ_QMGR_NAME=QM1",
+			"MQ_ENABLE_EMBEDDED_WEB_SERVER=false",
+		},
+		Image: imageName(),
+	}
+	hostConfig := container.HostConfig{
+		Binds: []string{
+			coverageBind(t),
+			tlsDirWithCA(t, false) + ":/etc/mqm/pki/keys/QM1CA",
+		},
+		// Assign a random port for the web server on the host
+		PortBindings: nat.PortMap{
+			"9443/tcp": []nat.PortBinding{
+				{
+					HostIP: "0.0.0.0",
+				},
+			},
+		},
+	}
+	networkingConfig := network.NetworkingConfig{}
+	ctr, err := cli.ContainerCreate(context.Background(), &containerConfig, &hostConfig, &networkingConfig, t.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer cleanContainer(t, cli, ctr.ID)
+	startContainer(t, cli, ctr.ID)
+	waitForReady(t, cli, ctr.ID)
+
+	// execute runmqsc to display qmgr SSLKEYR and CERTLABL attibutes.
+	// Search the console output for exepcted values
+	_, sslkeyROutput := execContainer(t, cli, ctr.ID, "", []string{"bash", "-c", "echo 'DISPLAY QMGR SSLKEYR CERTLABL' | runmqsc"})
+	if !strings.Contains(sslkeyROutput, "SSLKEYR(/run/runmqserver/tls/key)") {
+		t.Errorf("Expected SSLKEYR to be '/run/runmqserver/tls/key' but it is not; got \"%v\"", sslkeyROutput)
+	}
+
+	if !strings.Contains(sslkeyROutput, "CERTLABL(QM1CA)") {
+		t.Errorf("Expected CERTLABL to be 'QM1CA' but it is not; got \"%v\"", sslkeyROutput)
+	}
+
+	// Stop the container cleanly
+	stopContainer(t, cli, ctr.ID)
+}
--- a/test/docker/devconfig_test_util.go
+++ b/test/docker/devconfig_test_util.go
@@ -1,7 +1,8 @@
+//go:build mqdev
 // +build mqdev

 /*
-© Copyright IBM Corporation 2018, 2021
+© Copyright IBM Corporation 2018, 2022

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -18,6 +19,7 @@ limitations under the License.
 package main

 import (
+	"bufio"
 	"bytes"
 	"context"
 	"crypto/tls"
@@ -26,8 +28,8 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/http/httputil"
-	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
 	"testing"
 	"time"
@@ -80,15 +82,19 @@ func tlsDir(t *testing.T, unixPath bool) string {
 	return filepath.Join(getCwd(t, unixPath), "../tls")
 }

+func tlsDirWithCA(t *testing.T, unixPath bool) string {
+	return filepath.Join(getCwd(t, unixPath), "../tlscacert")
+}
+
 // runJMSTests runs a container with a JMS client, which connects to the queue manager container with the specified ID
-func runJMSTests(t *testing.T, cli *client.Client, ID string, tls bool, user, password string) {
+func runJMSTests(t *testing.T, cli *client.Client, ID string, tls bool, user, password string, ibmjre string, cipherName string) {
 	containerConfig := container.Config{
 		// -e MQ_PORT_1414_TCP_ADDR=9.145.14.173 -e MQ_USERNAME=app -e MQ_PASSWORD=passw0rd -e MQ_CHANNEL=DEV.APP.SVRCONN -e MQ_TLS_TRUSTSTORE=/tls/test.p12 -e MQ_TLS_PASSPHRASE=passw0rd -v /Users/arthurbarr/go/src/github.com/ibm-messaging/mq-container/test/tls:/tls msgtest
 		Env: []string{
 			"MQ_PORT_1414_TCP_ADDR=" + getIPAddress(t, cli, ID),
 			"MQ_USERNAME=" + user,
 			"MQ_CHANNEL=DEV.APP.SVRCONN",
-			"IBMJRE=" + os.Getenv("IBMJRE"),
+			"IBMJRE=" + ibmjre,
 		},
 		Image: imageNameDevJMS(),
 	}
@@ -101,6 +107,7 @@ func runJMSTests(t *testing.T, cli *client.Client, ID string, tls bool, user, pa
 		containerConfig.Env = append(containerConfig.Env, []string{
 			"MQ_TLS_TRUSTSTORE=/var/tls/client-trust.jks",
 			"MQ_TLS_PASSPHRASE=passw0rd",
+			"MQ_TLS_CIPHER=" + cipherName,
 		}...)
 	}
 	hostConfig := container.HostConfig{
@@ -119,9 +126,57 @@ func runJMSTests(t *testing.T, cli *client.Client, ID string, tls bool, user, pa
 	if rc != 0 {
 		t.Errorf("JUnit container failed with rc=%v", rc)
 	}
+
+	// Get console output of the container and process the lines
+	// to see if we have any failures
+	scanner := bufio.NewScanner(strings.NewReader(inspectLogs(t, cli, ctr.ID)))
+	for scanner.Scan() {
+		s := scanner.Text()
+		if processJunitLogLine(s) {
+			t.Errorf("JUnit container tests failed. Reason: %s", s)
+		}
+	}
+
 	defer cleanContainer(t, cli, ctr.ID)
 }

+// Parse JUnit log line and return true if line contains failed or aborted tests
+func processJunitLogLine(outputLine string) bool {
+	var failedLine bool
+	// Sample JUnit test run output
+	//[         2 containers found      ]
+	//[         0 containers skipped    ]
+	//[         2 containers started    ]
+	//[         0 containers aborted    ]
+	//[         2 containers successful ]
+	//[         0 containers failed     ]
+	//[         0 tests found           ]
+	//[         0 tests skipped         ]
+	//[         0 tests started         ]
+	//[         0 tests aborted         ]
+	//[         0 tests successful      ]
+	//[         0 tests failed          ]
+
+	// Consider only those lines that begin with '[' and with ']'
+	if strings.HasPrefix(outputLine, "[") && strings.HasSuffix(outputLine, "]") {
+		// Strip off [] and whitespaces
+		trimmed := strings.Trim(outputLine, "[] ")
+		if strings.Contains(trimmed, "aborted") || strings.Contains(trimmed, "failed") {
+			// Tokenize on whitespace
+			tokens := strings.Split(trimmed, " ")
+			// Determine the count of aborted or failed tests
+			count, err := strconv.Atoi(tokens[0])
+			if err == nil {
+				if count > 0 {
+					failedLine = true
+				}
+			}
+		}
+	}
+
+	return failedLine
+}
+
 // createTLSConfig creates a tls.Config which trusts the specified certificate
 func createTLSConfig(t *testing.T, certFile, password string) *tls.Config {
 	// Get the SystemCertPool, continue with an empty pool on error