From fcb7377575d96d77969d329acc18f5229a41163a Mon Sep 17 00:00:00 2001
From: Arthur Barr
Date: Wed, 21 Mar 2018 13:40:53 +0000
Subject: [PATCH] Add more dev config tests
---
 cmd/runmqdevserver/tls.go | 17 +++---
 test/docker/devconfig_test.go | 93 ++++++++++++++++++++----------
 test/docker/devconfig_test_util.go | 45 +++++++++++----
 3 files changed, 106 insertions(+), 49 deletions(-)
diff --git a/cmd/runmqdevserver/tls.go b/cmd/runmqdevserver/tls.go
index 26cdb34..eff229b 100644
--- a/cmd/runmqdevserver/tls.go
+++ b/cmd/runmqdevserver/tls.go
@@ -117,15 +117,16 @@ func configureTLS(qmName string, inputFile string, passPhrase string) error {
 return err
 }
+ f, err := os.OpenFile("/etc/mqm/20-dev-tls.mqsc", os.O_WRONLY|os.O_CREATE, 0770)
+ if err != nil {
+ return err
+ }
+ defer f.Close()
+ // Change the Queue Manager's Key Repository to point at the new TLS key store
+ fmt.Fprintf(f, "ALTER QMGR SSLKEYR('%s')\n", filepath.Join(dir, "key"))
+ fmt.Fprintf(f, "ALTER QMGR CERTLABL('%s')\n", newLabel)
+
 if os.Getenv("MQ_DEV") == "true" {
- f, err := os.OpenFile("/etc/mqm/20-dev-tls.mqsc", os.O_WRONLY|os.O_CREATE, 0770)
- if err != nil {
- return err
- }
- defer f.Close()
- // Change the Queue Manager's Key Repository to point at the new TLS key store
- fmt.Fprintf(f, "ALTER QMGR SSLKEYR('%s')\n", filepath.Join(dir, "key"))
- fmt.Fprintf(f, "ALTER QMGR CERTLABL('%s')\n", newLabel)
 // Alter the DEV channels to use TLS
 fmt.Fprintln(f, "ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256) SSLCAUTH(OPTIONAL)")
 fmt.Fprintln(f, "ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256) SSLCAUTH(OPTIONAL)")
diff --git a/test/docker/devconfig_test.go b/test/docker/devconfig_test.go
index f6cd160..7d013ab 100644
--- a/test/docker/devconfig_test.go
+++ b/test/docker/devconfig_test.go
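Review bot: In configureTLS the MQSC file is opened with `os.O_WRONLY|os.O_CREATE` and no `os.O_TRUNC`, and neither the `fmt.Fprintf` results nor the deferred `f.Close()` are checked, so a second run can leave stale statements after the new ones and a failed write goes unreported. Because the `SSLKEYR`/`CERTLABL` lines are now written regardless of `MQ_DEV`, this affects every configuration that reaches this code; I would open with `os.OpenFile("/etc/mqm/20-dev-tls.mqsc", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0660)` (the execute bits in `0770` look unnecessary for a script that is presumably read rather than run) and return the first write error. `newLabel` and the key path are interpolated into single-quoted MQSC strings via `'%s'`; where `newLabel` comes from is not visible here, so if it can contain a `'` it should be rejected or escaped before formatting. The function starts and ends outside this hunk.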
@@ -19,8 +19,8 @@ package main
 import (
 "context"
- "crypto/tls"
 "path/filepath"
+ "strings"
 "testing"
 "github.com/docker/docker/api/types/container"
@@ -41,34 +41,23 @@ func TestDevGoldenPath(t *testing.T) {
 Env: []string{
 "LICENSE=accept",
 "MQ_QMGR_NAME=qm1",
- // TODO: Use default password (not set) here
- "MQ_APP_PASSWORD=" + devAppPassword,
 },
 }
 id := runContainer(t, cli, &containerConfig)
- defer cleanContainer(t, cli, id)
 waitForReady(t, cli, id)
- waitForWebReady(t, cli, id)
-
- t.Run("REST", func(t *testing.T) {
- // Disable TLS verification (server uses a self-signed certificate by default,
- // so verification isn't useful anyway)
- testREST(t, cli, id, &tls.Config{
- InsecureSkipVerify: true,
- })
- })
+ waitForWebReady(t, cli, id, insecureTLSConfig)
 t.Run("JMS", func(t *testing.T) {
- runJMSTests(t, cli, id, false)
+ // Run the JMS tests, with no password specified
+ runJMSTests(t, cli, id, false, "app", "")
 })
-
 // Stop the container cleanly
 stopContainer(t, cli, id)
 }
-// TestDevTLS tests the default developer config using the a custom TLS key store.
+// TestDevSecure tests the default developer config using the a custom TLS key store and password.
 // Note: This test requires a separate container image to be available for the JMS tests
-func TestDevTLS(t *testing.T) {
+func TestDevSecure(t *testing.T) {
 t.Parallel()
 cli, err := client.NewEnvClient()
 if err != nil {
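Review bot: Dropping `defer cleanContainer(t, cli, id)` from TestDevGoldenPath leaves `stopContainer` at the end of the function as the only teardown, and that line is not reached if an earlier step ends the test (assuming the helpers call `t.Fatal`, as the visible code in these files does on errors). A failed run would then presumably leave behind a queue manager container that, per this test, accepts the `app` user with no password. TestDevSecure in the next hunk loses the same defer while the two new tests keep it; I would restore `defer cleanContainer(t, cli, id)` directly after `runContainer` here and `defer cleanContainer(t, cli, ctr.ID)` there. TestDevGoldenPath begins above this hunk.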
@@ -106,21 +95,67 @@ func TestDevTLS(t *testing.T) {
 if err != nil {
 t.Fatal(err)
 }
- defer cleanContainer(t, cli, ctr.ID)
 startContainer(t, cli, ctr.ID)
 waitForReady(t, cli, ctr.ID)
- waitForWebReady(t, cli, ctr.ID)
-
- t.Run("REST", func(t *testing.T) {
- // Use the correct certificate for the HTTPS connection
- cert := filepath.Join(tlsDir(t), "server.crt")
- testREST(t, cli, ctr.ID, createTLSConfig(t, cert, tlsPassPhrase))
- })
- t.Run("JMS", func(t *testing.T) {
- runJMSTests(t, cli, ctr.ID, true)
- })
-
+ cert := filepath.Join(tlsDir(t), "server.crt")
+ waitForWebReady(t, cli, ctr.ID, createTLSConfig(t, cert, tlsPassPhrase))
+ runJMSTests(t, cli, ctr.ID, true, "app", devAppPassword)
 // Stop the container cleanly
 stopContainer(t, cli, ctr.ID)
 }
+
+func TestDevWebDisabled(t *testing.T) {
+ t.Parallel()
+ cli, err := client.NewEnvClient()
+ if err != nil {
+ t.Fatal(err)
+ }
+ containerConfig := container.Config{
+ Env: []string{
+ "LICENSE=accept",
+ "MQ_QMGR_NAME=qm1",
+ "MQ_DISABLE_WEB_CONSOLE=true",
+ },
+ }
+ id := runContainer(t, cli, &containerConfig)
+ defer cleanContainer(t, cli, id)
+ waitForReady(t, cli, id)
+ t.Run("Web", func(t *testing.T) {
+ dspmqweb := execContainerWithOutput(t, cli, id, "mqm", []string{"dspmqweb"})
+ if !strings.Contains(dspmqweb, "Server mqweb is not running.") {
+ t.Errorf("Expected dspmqweb to say server is not running; got \"%v\"", dspmqweb)
+ }
+ })
+ t.Run("JMS", func(t *testing.T) {
+ // Run the JMS tests, with no password specified
+ runJMSTests(t, cli, id, false, "app", "")
+ })
+ // Stop the container cleanly
+ stopContainer(t, cli, id)
+}
+
+func TestDevConfigDisabled(t *testing.T) {
+ t.Parallel()
+ cli, err := client.NewEnvClient()
+ if err != nil {
+ t.Fatal(err)
+ }
+ containerConfig := container.Config{
+ Env: []string{
+ "LICENSE=accept",
+ "MQ_QMGR_NAME=qm1",
+ "MQ_DEV=false",
+ },
+ }
+ id := runContainer(t, cli, &containerConfig)
+ defer cleanContainer(t, cli, id)
+ waitForReady(t, cli, id)
+ waitForWebReady(t, cli, id, insecureTLSConfig)
+ rc := execContainerWithExitCode(t, cli, id, "mqm", []string{"bash", "-c", "echo 'display qlocal(DEV*)' | runmqsc"})
+ if rc == 0 {
+ t.Errorf("Expected DEV queues to be missing")
+ }
+ // Stop the container cleanly
+ stopContainer(t, cli, id)
+}
diff --git a/test/docker/devconfig_test_util.go b/test/docker/devconfig_test_util.go
index 5effa11..9bc7b3a 100644
--- a/test/docker/devconfig_test_util.go
+++ b/test/docker/devconfig_test_util.go
@@ -38,18 +38,36 @@ import (
 const devAdminPassword string = "passw0rd"
 const devAppPassword string = "passw0rd"
-func waitForWebReady(t *testing.T, cli *client.Client, ID string) {
- config := tls.Config{InsecureSkipVerify: true}
- a := fmt.Sprintf("localhost:%s", getWebPort(t, cli, ID))
+// Disable TLS verification (server uses a self-signed certificate by default,
+// so verification isn't useful anyway)
+var insecureTLSConfig *tls.Config = &tls.Config{
+ InsecureSkipVerify: true,
+}
+
+func waitForWebReady(t *testing.T, cli *client.Client, ID string, tlsConfig *tls.Config) {
+ httpClient := http.Client{
+ Timeout: time.Duration(3 * time.Second),
+ Transport: &http.Transport{
+ TLSClientConfig: tlsConfig,
+ },
+ }
+ url := fmt.Sprintf("https://localhost:%s/ibmmq/rest/v1/admin/installation", getWebPort(t, cli, ID))
 for {
- conn, err := tls.Dial("tcp", a, &config)
- if err == nil {
- conn.Close()
- // Extra sleep to allow web apps to start
- time.Sleep(5 * time.Second)
+ req, err := http.NewRequest("GET", url, nil)
+ req.SetBasicAuth("admin", devAdminPassword)
+ resp, err := httpClient.Do(req)
+ if err == nil && resp.StatusCode == http.StatusOK {
 t.Log("MQ web server is ready")
 return
 }
+ // conn, err := tls.Dial("tcp", a, &config)
+ // if err == nil {
+ // conn.Close()
+ // // Extra sleep to allow web apps to start
+ // time.Sleep(5 * time.Second)
+ // t.Log("MQ web server is ready")
+ // return
+ // }
 time.Sleep(1 * time.Second)
 }
 }
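Review bot: In TestDevConfigDisabled the check `if rc == 0` treats any non-zero exit from the `runmqsc` pipeline as proof that the DEV queues are absent, so the test also passes when the command fails for an unrelated reason, such as the queue manager not accepting commands. Capturing the output with `execContainerWithOutput`, as TestDevWebDisabled does, and asserting on the text runmqsc prints would pin the intended condition. Both new tests also lack the doc comment the existing tests carry, for example `// TestDevConfigDisabled checks that the DEV objects are not created when MQ_DEV=false.`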
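Review bot: In waitForWebReady the error from `http.NewRequest` is overwritten by the next `err :=` without being checked, and `resp.Body` is never closed, so every poll that gets a response keeps its connection and file descriptor open until the test process exits. The loop also has no overall deadline, so a server that never answers 200 (for instance because the admin credentials are rejected) hangs the test until the `go test` timeout. The rewritten loop below checks the request error and closes the body on every iteration; the commented-out `tls.Dial` block can simply be deleted. `insecureTLSConfig` disables certificate verification for every caller that passes it, which is acceptable only because the target is the local test container, and its comment should say so.

```go
	for {
		req, err := http.NewRequest("GET", url, nil)
		if err != nil {
			t.Fatal(err)
		}
		req.SetBasicAuth("admin", devAdminPassword)
		resp, err := httpClient.Do(req)
		if err == nil {
			// Close the body on every response so polling does not leak connections
			ready := resp.StatusCode == http.StatusOK
			resp.Body.Close()
			if ready {
				t.Log("MQ web server is ready")
				return
			}
		}
		time.Sleep(1 * time.Second)
	}
```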
@@ -64,17 +82,20 @@ func tlsDir(t *testing.T) string {
 }
 // runJMSTests runs a container with a JMS client, which connects to the queue manager container with the specified ID
-func runJMSTests(t *testing.T, cli *client.Client, ID string, tls bool) {
+func runJMSTests(t *testing.T, cli *client.Client, ID string, tls bool, user, password string) {
 containerConfig := container.Config{
 // -e MQ_PORT_1414_TCP_ADDR=9.145.14.173 -e MQ_USERNAME=app -e MQ_PASSWORD=passw0rd -e MQ_CHANNEL=DEV.APP.SVRCONN -e MQ_TLS_KEYSTORE=/tls/test.p12 -e MQ_TLS_PASSPHRASE=passw0rd -v /Users/arthurbarr/go/src/github.com/ibm-messaging/mq-container/test/tls:/tls msgtest
 Env: []string{
 "MQ_PORT_1414_TCP_ADDR=" + getIPAddress(t, cli, ID),
- "MQ_USERNAME=app",
- "MQ_PASSWORD=" + devAppPassword,
+ "MQ_USERNAME=" + user,
 "MQ_CHANNEL=DEV.APP.SVRCONN",
 },
 Image: imageNameDevJMS(),
 }
+ // Set a password for the client to use, if one is specified
+ if password != "" {
+ containerConfig.Env = append(containerConfig.Env, "MQ_PASSWORD="+password)
+ }
 if tls {
 t.Log("Using TLS from JMS client")
 containerConfig.Env = append(containerConfig.Env, []string{
@@ -89,7 +110,7 @@ func runJMSTests(t *testing.T, cli *client.Client, ID string, tls bool) {
 },
 }
 networkingConfig := network.NetworkingConfig{}
- ctr, err := cli.ContainerCreate(context.Background(), &containerConfig, &hostConfig, &networkingConfig, strings.Replace(t.Name(), "/", "", -1))
+ ctr, err := cli.ContainerCreate(context.Background(), &containerConfig, &hostConfig, &networkingConfig, strings.Replace(t.Name()+"JMS", "/", "", -1))
 if err != nil {
 t.Fatal(err)
 }
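Review bot: The doc comment above runJMSTests still describes only the container ID; the new `user` and `password` parameters, and the fact that an empty `password` leaves `MQ_PASSWORD` unset, are not documented. Suggest appending `// user is passed as MQ_USERNAME; MQ_PASSWORD is set only when password is non-empty.` The password reaches the client container as an environment variable, which anyone able to inspect the container can read; that is fine for the fixed test value, but the comment should say so in case the helper is reused with real credentials. The function body continues past this hunk.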