Add more dev config tests
@@ -117,15 +117,16 @@ func configureTLS(qmName string, inputFile string, passPhrase string) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
f, err := os.OpenFile("/etc/mqm/20-dev-tls.mqsc", os.O_WRONLY|os.O_CREATE, 0770)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
defer f.Close()
|
||||||
|
// Change the Queue Manager's Key Repository to point at the new TLS key store
|
||||||
|
fmt.Fprintf(f, "ALTER QMGR SSLKEYR('%s')\n", filepath.Join(dir, "key"))
|
||||||
|
fmt.Fprintf(f, "ALTER QMGR CERTLABL('%s')\n", newLabel)
|
||||||
|
|
||||||
if os.Getenv("MQ_DEV") == "true" {
|
if os.Getenv("MQ_DEV") == "true" {
|
||||||
f, err := os.OpenFile("/etc/mqm/20-dev-tls.mqsc", os.O_WRONLY|os.O_CREATE, 0770)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
defer f.Close()
|
|
||||||
// Change the Queue Manager's Key Repository to point at the new TLS key store
|
|
||||||
fmt.Fprintf(f, "ALTER QMGR SSLKEYR('%s')\n", filepath.Join(dir, "key"))
|
|
||||||
fmt.Fprintf(f, "ALTER QMGR CERTLABL('%s')\n", newLabel)
|
|
||||||
// Alter the DEV channels to use TLS
|
// Alter the DEV channels to use TLS
|
||||||
fmt.Fprintln(f, "ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256) SSLCAUTH(OPTIONAL)")
|
fmt.Fprintln(f, "ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256) SSLCAUTH(OPTIONAL)")
|
||||||
fmt.Fprintln(f, "ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256) SSLCAUTH(OPTIONAL)")
|
fmt.Fprintln(f, "ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256) SSLCAUTH(OPTIONAL)")
|
||||||
|
|||||||
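Review bot: The `fmt.Fprintf` calls that write `ALTER QMGR SSLKEYR` and `ALTER QMGR CERTLABL` discard their errors, and on the new side they sit before the `MQ_DEV` check instead of inside it, so a failed write would leave the key repository unset without configureTLS reporting it. Check each write, for example `if _, err := fmt.Fprintf(f, "ALTER QMGR CERTLABL('%s')\n", newLabel); err != nil { return err }`. The file is opened with `os.O_WRONLY|os.O_CREATE` and mode `0770`; adding `os.O_TRUNC` would avoid leftover MQSC from an earlier, longer file, and `0660` would drop execute bits that an MQSC script does not need. `newLabel` is placed between single quotes unescaped and its origin is outside the hunk, so confirm it cannot contain a quote. configureTLS starts and ends outside this hunk.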
@@ -19,8 +19,8 @@ package main
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/tls"
|
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/docker/docker/api/types/container"
|
"github.com/docker/docker/api/types/container"
|
||||||
@@ -41,34 +41,23 @@ func TestDevGoldenPath(t *testing.T) {
|
|||||||
Env: []string{
|
Env: []string{
|
||||||
"LICENSE=accept",
|
"LICENSE=accept",
|
||||||
"MQ_QMGR_NAME=qm1",
|
"MQ_QMGR_NAME=qm1",
|
||||||
// TODO: Use default password (not set) here
|
|
||||||
"MQ_APP_PASSWORD=" + devAppPassword,
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
id := runContainer(t, cli, &containerConfig)
|
id := runContainer(t, cli, &containerConfig)
|
||||||
|
|
||||||
defer cleanContainer(t, cli, id)
|
defer cleanContainer(t, cli, id)
|
||||||
waitForReady(t, cli, id)
|
waitForReady(t, cli, id)
|
||||||
waitForWebReady(t, cli, id)
|
waitForWebReady(t, cli, id, insecureTLSConfig)
|
||||||
|
|
||||||
t.Run("REST", func(t *testing.T) {
|
|
||||||
// Disable TLS verification (server uses a self-signed certificate by default,
|
|
||||||
// so verification isn't useful anyway)
|
|
||||||
testREST(t, cli, id, &tls.Config{
|
|
||||||
InsecureSkipVerify: true,
|
|
||||||
})
|
|
||||||
})
|
|
||||||
t.Run("JMS", func(t *testing.T) {
|
t.Run("JMS", func(t *testing.T) {
|
||||||
runJMSTests(t, cli, id, false)
|
// Run the JMS tests, with no password specified
|
||||||
|
runJMSTests(t, cli, id, false, "app", "")
|
||||||
})
|
})
|
||||||
|
|
||||||
// Stop the container cleanly
|
// Stop the container cleanly
|
||||||
stopContainer(t, cli, id)
|
stopContainer(t, cli, id)
|
||||||
}
|
}
|
||||||
|
|
||||||
// TestDevTLS tests the default developer config using the a custom TLS key store.
|
// TestDevSecure tests the default developer config using the a custom TLS key store and password.
|
||||||
// Note: This test requires a separate container image to be available for the JMS tests
|
// Note: This test requires a separate container image to be available for the JMS tests
|
||||||
func TestDevTLS(t *testing.T) {
|
func TestDevSecure(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
cli, err := client.NewEnvClient()
|
cli, err := client.NewEnvClient()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -106,21 +95,67 @@ func TestDevTLS(t *testing.T) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
defer cleanContainer(t, cli, ctr.ID)
|
defer cleanContainer(t, cli, ctr.ID)
|
||||||
startContainer(t, cli, ctr.ID)
|
startContainer(t, cli, ctr.ID)
|
||||||
waitForReady(t, cli, ctr.ID)
|
waitForReady(t, cli, ctr.ID)
|
||||||
waitForWebReady(t, cli, ctr.ID)
|
cert := filepath.Join(tlsDir(t), "server.crt")
|
||||||
|
waitForWebReady(t, cli, ctr.ID, createTLSConfig(t, cert, tlsPassPhrase))
|
||||||
t.Run("REST", func(t *testing.T) {
|
runJMSTests(t, cli, ctr.ID, true, "app", devAppPassword)
|
||||||
// Use the correct certificate for the HTTPS connection
|
|
||||||
cert := filepath.Join(tlsDir(t), "server.crt")
|
|
||||||
testREST(t, cli, ctr.ID, createTLSConfig(t, cert, tlsPassPhrase))
|
|
||||||
})
|
|
||||||
t.Run("JMS", func(t *testing.T) {
|
|
||||||
runJMSTests(t, cli, ctr.ID, true)
|
|
||||||
})
|
|
||||||
|
|
||||||
// Stop the container cleanly
|
// Stop the container cleanly
|
||||||
stopContainer(t, cli, ctr.ID)
|
stopContainer(t, cli, ctr.ID)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestDevWebDisabled(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
cli, err := client.NewEnvClient()
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
containerConfig := container.Config{
|
||||||
|
Env: []string{
|
||||||
|
"LICENSE=accept",
|
||||||
|
"MQ_QMGR_NAME=qm1",
|
||||||
|
"MQ_DISABLE_WEB_CONSOLE=true",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
id := runContainer(t, cli, &containerConfig)
|
||||||
|
defer cleanContainer(t, cli, id)
|
||||||
|
waitForReady(t, cli, id)
|
||||||
|
t.Run("Web", func(t *testing.T) {
|
||||||
|
dspmqweb := execContainerWithOutput(t, cli, id, "mqm", []string{"dspmqweb"})
|
||||||
|
if !strings.Contains(dspmqweb, "Server mqweb is not running.") {
|
||||||
|
t.Errorf("Expected dspmqweb to say server is not running; got \"%v\"", dspmqweb)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
t.Run("JMS", func(t *testing.T) {
|
||||||
|
// Run the JMS tests, with no password specified
|
||||||
|
runJMSTests(t, cli, id, false, "app", "")
|
||||||
|
})
|
||||||
|
// Stop the container cleanly
|
||||||
|
stopContainer(t, cli, id)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestDevConfigDisabled(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
cli, err := client.NewEnvClient()
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
containerConfig := container.Config{
|
||||||
|
Env: []string{
|
||||||
|
"LICENSE=accept",
|
||||||
|
"MQ_QMGR_NAME=qm1",
|
||||||
|
"MQ_DEV=false",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
id := runContainer(t, cli, &containerConfig)
|
||||||
|
defer cleanContainer(t, cli, id)
|
||||||
|
waitForReady(t, cli, id)
|
||||||
|
waitForWebReady(t, cli, id, insecureTLSConfig)
|
||||||
|
rc := execContainerWithExitCode(t, cli, id, "mqm", []string{"bash", "-c", "echo 'display qlocal(DEV*)' | runmqsc"})
|
||||||
|
if rc == 0 {
|
||||||
|
t.Errorf("Expected DEV queues to be missing")
|
||||||
|
}
|
||||||
|
// Stop the container cleanly
|
||||||
|
stopContainer(t, cli, id)
|
||||||
|
}
|
||||||
|
|||||||
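Review bot: TestDevConfigDisabled calls `waitForWebReady(t, cli, id, insecureTLSConfig)`, and the helper as changed in this commit returns only after a basic-auth request as `admin` with `devAdminPassword` gets HTTP 200, so this test can pass only if the default admin password is still accepted with `MQ_DEV=false`. If that is intended, record it above the call with a comment such as `// the web server still accepts the default admin login when MQ_DEV=false`; if it is not, the helper never returns and the test hangs instead of failing. The `rc == 0` check on `display qlocal(DEV*)` also counts any bash or runmqsc failure as "queues missing". Asserting on the command output with `execContainerWithOutput`, already used in TestDevWebDisabled, and covering the DEV channels as well as the queues would make the test show that the developer defaults are really absent.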
@@ -38,18 +38,36 @@ import (
|
|||||||
const devAdminPassword string = "passw0rd"
|
const devAdminPassword string = "passw0rd"
|
||||||
const devAppPassword string = "passw0rd"
|
const devAppPassword string = "passw0rd"
|
||||||
|
|
||||||
func waitForWebReady(t *testing.T, cli *client.Client, ID string) {
|
// Disable TLS verification (server uses a self-signed certificate by default,
|
||||||
config := tls.Config{InsecureSkipVerify: true}
|
// so verification isn't useful anyway)
|
||||||
a := fmt.Sprintf("localhost:%s", getWebPort(t, cli, ID))
|
var insecureTLSConfig *tls.Config = &tls.Config{
|
||||||
|
InsecureSkipVerify: true,
|
||||||
|
}
|
||||||
|
|
||||||
|
func waitForWebReady(t *testing.T, cli *client.Client, ID string, tlsConfig *tls.Config) {
|
||||||
|
httpClient := http.Client{
|
||||||
|
Timeout: time.Duration(3 * time.Second),
|
||||||
|
Transport: &http.Transport{
|
||||||
|
TLSClientConfig: tlsConfig,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
url := fmt.Sprintf("https://localhost:%s/ibmmq/rest/v1/admin/installation", getWebPort(t, cli, ID))
|
||||||
for {
|
for {
|
||||||
conn, err := tls.Dial("tcp", a, &config)
|
req, err := http.NewRequest("GET", url, nil)
|
||||||
if err == nil {
|
req.SetBasicAuth("admin", devAdminPassword)
|
||||||
conn.Close()
|
resp, err := httpClient.Do(req)
|
||||||
// Extra sleep to allow web apps to start
|
if err == nil && resp.StatusCode == http.StatusOK {
|
||||||
time.Sleep(5 * time.Second)
|
|
||||||
t.Log("MQ web server is ready")
|
t.Log("MQ web server is ready")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
// conn, err := tls.Dial("tcp", a, &config)
|
||||||
|
// if err == nil {
|
||||||
|
// conn.Close()
|
||||||
|
// // Extra sleep to allow web apps to start
|
||||||
|
// time.Sleep(5 * time.Second)
|
||||||
|
// t.Log("MQ web server is ready")
|
||||||
|
// return
|
||||||
|
// }
|
||||||
time.Sleep(1 * time.Second)
|
time.Sleep(1 * time.Second)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -64,17 +82,20 @@ func tlsDir(t *testing.T) string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// runJMSTests runs a container with a JMS client, which connects to the queue manager container with the specified ID
|
// runJMSTests runs a container with a JMS client, which connects to the queue manager container with the specified ID
|
||||||
func runJMSTests(t *testing.T, cli *client.Client, ID string, tls bool) {
|
func runJMSTests(t *testing.T, cli *client.Client, ID string, tls bool, user, password string) {
|
||||||
containerConfig := container.Config{
|
containerConfig := container.Config{
|
||||||
// -e MQ_PORT_1414_TCP_ADDR=9.145.14.173 -e MQ_USERNAME=app -e MQ_PASSWORD=passw0rd -e MQ_CHANNEL=DEV.APP.SVRCONN -e MQ_TLS_KEYSTORE=/tls/test.p12 -e MQ_TLS_PASSPHRASE=passw0rd -v /Users/arthurbarr/go/src/github.com/ibm-messaging/mq-container/test/tls:/tls msgtest
|
// -e MQ_PORT_1414_TCP_ADDR=9.145.14.173 -e MQ_USERNAME=app -e MQ_PASSWORD=passw0rd -e MQ_CHANNEL=DEV.APP.SVRCONN -e MQ_TLS_KEYSTORE=/tls/test.p12 -e MQ_TLS_PASSPHRASE=passw0rd -v /Users/arthurbarr/go/src/github.com/ibm-messaging/mq-container/test/tls:/tls msgtest
|
||||||
Env: []string{
|
Env: []string{
|
||||||
"MQ_PORT_1414_TCP_ADDR=" + getIPAddress(t, cli, ID),
|
"MQ_PORT_1414_TCP_ADDR=" + getIPAddress(t, cli, ID),
|
||||||
"MQ_USERNAME=app",
|
"MQ_USERNAME=" + user,
|
||||||
"MQ_PASSWORD=" + devAppPassword,
|
|
||||||
"MQ_CHANNEL=DEV.APP.SVRCONN",
|
"MQ_CHANNEL=DEV.APP.SVRCONN",
|
||||||
},
|
},
|
||||||
Image: imageNameDevJMS(),
|
Image: imageNameDevJMS(),
|
||||||
}
|
}
|
||||||
|
// Set a password for the client to use, if one is specified
|
||||||
|
if password != "" {
|
||||||
|
containerConfig.Env = append(containerConfig.Env, "MQ_PASSWORD="+password)
|
||||||
|
}
|
||||||
if tls {
|
if tls {
|
||||||
t.Log("Using TLS from JMS client")
|
t.Log("Using TLS from JMS client")
|
||||||
containerConfig.Env = append(containerConfig.Env, []string{
|
containerConfig.Env = append(containerConfig.Env, []string{
|
||||||
@@ -89,7 +110,7 @@ func runJMSTests(t *testing.T, cli *client.Client, ID string, tls bool) {
|
|||||||
},
|
},
|
||||||
}
|
}
|
||||||
networkingConfig := network.NetworkingConfig{}
|
networkingConfig := network.NetworkingConfig{}
|
||||||
ctr, err := cli.ContainerCreate(context.Background(), &containerConfig, &hostConfig, &networkingConfig, strings.Replace(t.Name(), "/", "", -1))
|
ctr, err := cli.ContainerCreate(context.Background(), &containerConfig, &hostConfig, &networkingConfig, strings.Replace(t.Name()+"JMS", "/", "", -1))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|||||||
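Review bot: The rewritten waitForWebReady loop has no deadline and drops every error, so with a verifying config from `createTLSConfig` a certificate or login failure looks the same as "not ready yet" and the test spins until the `go test` timeout. `resp.Body` is never closed, so every poll that gets a response leaves its body open, and the error from `http.NewRequest` is overwritten by the `httpClient.Do` result without being checked. Bound the loop, close the body and log the last failure, as sketched below; the two-minute limit is an illustrative value. The commented-out `tls.Dial` block can be deleted rather than kept.

```go
func waitForWebReady(t *testing.T, cli *client.Client, ID string, tlsConfig *tls.Config) {
	// … unchanged: httpClient and url setup …
	deadline := time.Now().Add(2 * time.Minute)
	for time.Now().Before(deadline) {
		req, err := http.NewRequest("GET", url, nil)
		if err != nil {
			t.Fatal(err)
		}
		req.SetBasicAuth("admin", devAdminPassword)
		resp, err := httpClient.Do(req)
		if err != nil {
			// Includes certificate verification failures when tlsConfig verifies the server
			t.Logf("MQ web server not ready: %v", err)
		} else {
			resp.Body.Close()
			if resp.StatusCode == http.StatusOK {
				t.Log("MQ web server is ready")
				return
			}
			t.Logf("MQ web server not ready: HTTP %d", resp.StatusCode)
		}
		time.Sleep(1 * time.Second)
	}
	t.Fatal("Timed out waiting for MQ web server")
}
```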