Add more dev config tests
This commit is contained in:
Arthur Barr
@@ -117,15 +117,16 @@ func configureTLS(qmName string, inputFile string, passPhrase string) error {
|
||||
return err
|
||||
}
|
||||
|
||||
f, err := os.OpenFile("/etc/mqm/20-dev-tls.mqsc", os.O_WRONLY|os.O_CREATE, 0770)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer f.Close()
|
||||
// Change the Queue Manager's Key Repository to point at the new TLS key store
|
||||
fmt.Fprintf(f, "ALTER QMGR SSLKEYR('%s')\n", filepath.Join(dir, "key"))
|
||||
fmt.Fprintf(f, "ALTER QMGR CERTLABL('%s')\n", newLabel)
|
||||
|
||||
if os.Getenv("MQ_DEV") == "true" {
|
||||
f, err := os.OpenFile("/etc/mqm/20-dev-tls.mqsc", os.O_WRONLY|os.O_CREATE, 0770)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer f.Close()
|
||||
// Change the Queue Manager's Key Repository to point at the new TLS key store
|
||||
fmt.Fprintf(f, "ALTER QMGR SSLKEYR('%s')\n", filepath.Join(dir, "key"))
|
||||
fmt.Fprintf(f, "ALTER QMGR CERTLABL('%s')\n", newLabel)
|
||||
// Alter the DEV channels to use TLS
|
||||
fmt.Fprintln(f, "ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256) SSLCAUTH(OPTIONAL)")
|
||||
fmt.Fprintln(f, "ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256) SSLCAUTH(OPTIONAL)")
|
||||
|
||||
@@ -19,8 +19,8 @@ package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/docker/docker/api/types/container"
|
||||
@@ -41,34 +41,23 @@ func TestDevGoldenPath(t *testing.T) {
|
||||
Env: []string{
|
||||
"LICENSE=accept",
|
||||
"MQ_QMGR_NAME=qm1",
|
||||
// TODO: Use default password (not set) here
|
||||
"MQ_APP_PASSWORD=" + devAppPassword,
|
||||
},
|
||||
}
|
||||
id := runContainer(t, cli, &containerConfig)
|
||||
|
||||
defer cleanContainer(t, cli, id)
|
||||
waitForReady(t, cli, id)
|
||||
waitForWebReady(t, cli, id)
|
||||
|
||||
t.Run("REST", func(t *testing.T) {
|
||||
// Disable TLS verification (server uses a self-signed certificate by default,
|
||||
// so verification isn't useful anyway)
|
||||
testREST(t, cli, id, &tls.Config{
|
||||
InsecureSkipVerify: true,
|
||||
})
|
||||
})
|
||||
waitForWebReady(t, cli, id, insecureTLSConfig)
|
||||
t.Run("JMS", func(t *testing.T) {
|
||||
runJMSTests(t, cli, id, false)
|
||||
// Run the JMS tests, with no password specified
|
||||
runJMSTests(t, cli, id, false, "app", "")
|
||||
})
|
||||
|
||||
// Stop the container cleanly
|
||||
stopContainer(t, cli, id)
|
||||
}
|
||||
|
||||
// TestDevTLS tests the default developer config using the a custom TLS key store.
|
||||
// TestDevSecure tests the default developer config using the a custom TLS key store and password.
|
||||
// Note: This test requires a separate container image to be available for the JMS tests
|
||||
func TestDevTLS(t *testing.T) {
|
||||
func TestDevSecure(t *testing.T) {
|
||||
t.Parallel()
|
||||
cli, err := client.NewEnvClient()
|
||||
if err != nil {
|
||||
@@ -106,21 +95,67 @@ func TestDevTLS(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
defer cleanContainer(t, cli, ctr.ID)
|
||||
startContainer(t, cli, ctr.ID)
|
||||
waitForReady(t, cli, ctr.ID)
|
||||
waitForWebReady(t, cli, ctr.ID)
|
||||
|
||||
t.Run("REST", func(t *testing.T) {
|
||||
// Use the correct certificate for the HTTPS connection
|
||||
cert := filepath.Join(tlsDir(t), "server.crt")
|
||||
testREST(t, cli, ctr.ID, createTLSConfig(t, cert, tlsPassPhrase))
|
||||
})
|
||||
t.Run("JMS", func(t *testing.T) {
|
||||
runJMSTests(t, cli, ctr.ID, true)
|
||||
})
|
||||
|
||||
cert := filepath.Join(tlsDir(t), "server.crt")
|
||||
waitForWebReady(t, cli, ctr.ID, createTLSConfig(t, cert, tlsPassPhrase))
|
||||
runJMSTests(t, cli, ctr.ID, true, "app", devAppPassword)
|
||||
// Stop the container cleanly
|
||||
stopContainer(t, cli, ctr.ID)
|
||||
}
|
||||
|
||||
func TestDevWebDisabled(t *testing.T) {
|
||||
t.Parallel()
|
||||
cli, err := client.NewEnvClient()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
containerConfig := container.Config{
|
||||
Env: []string{
|
||||
"LICENSE=accept",
|
||||
"MQ_QMGR_NAME=qm1",
|
||||
"MQ_DISABLE_WEB_CONSOLE=true",
|
||||
},
|
||||
}
|
||||
id := runContainer(t, cli, &containerConfig)
|
||||
defer cleanContainer(t, cli, id)
|
||||
waitForReady(t, cli, id)
|
||||
t.Run("Web", func(t *testing.T) {
|
||||
dspmqweb := execContainerWithOutput(t, cli, id, "mqm", []string{"dspmqweb"})
|
||||
if !strings.Contains(dspmqweb, "Server mqweb is not running.") {
|
||||
t.Errorf("Expected dspmqweb to say server is not running; got \"%v\"", dspmqweb)
|
||||
}
|
||||
})
|
||||
t.Run("JMS", func(t *testing.T) {
|
||||
// Run the JMS tests, with no password specified
|
||||
runJMSTests(t, cli, id, false, "app", "")
|
||||
})
|
||||
// Stop the container cleanly
|
||||
stopContainer(t, cli, id)
|
||||
}
|
||||
|
||||
func TestDevConfigDisabled(t *testing.T) {
|
||||
t.Parallel()
|
||||
cli, err := client.NewEnvClient()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
containerConfig := container.Config{
|
||||
Env: []string{
|
||||
"LICENSE=accept",
|
||||
"MQ_QMGR_NAME=qm1",
|
||||
"MQ_DEV=false",
|
||||
},
|
||||
}
|
||||
id := runContainer(t, cli, &containerConfig)
|
||||
defer cleanContainer(t, cli, id)
|
||||
waitForReady(t, cli, id)
|
||||
waitForWebReady(t, cli, id, insecureTLSConfig)
|
||||
rc := execContainerWithExitCode(t, cli, id, "mqm", []string{"bash", "-c", "echo 'display qlocal(DEV*)' | runmqsc"})
|
||||
if rc == 0 {
|
||||
t.Errorf("Expected DEV queues to be missing")
|
||||
}
|
||||
// Stop the container cleanly
|
||||
stopContainer(t, cli, id)
|
||||
}
|
||||
|
||||
@@ -38,18 +38,36 @@ import (
|
||||
const devAdminPassword string = "passw0rd"
|
||||
const devAppPassword string = "passw0rd"
|
||||
|
||||
func waitForWebReady(t *testing.T, cli *client.Client, ID string) {
|
||||
config := tls.Config{InsecureSkipVerify: true}
|
||||
a := fmt.Sprintf("localhost:%s", getWebPort(t, cli, ID))
|
||||
// Disable TLS verification (server uses a self-signed certificate by default,
|
||||
// so verification isn't useful anyway)
|
||||
var insecureTLSConfig *tls.Config = &tls.Config{
|
||||
InsecureSkipVerify: true,
|
||||
}
|
||||
|
||||
func waitForWebReady(t *testing.T, cli *client.Client, ID string, tlsConfig *tls.Config) {
|
||||
httpClient := http.Client{
|
||||
Timeout: time.Duration(3 * time.Second),
|
||||
Transport: &http.Transport{
|
||||
TLSClientConfig: tlsConfig,
|
||||
},
|
||||
}
|
||||
url := fmt.Sprintf("https://localhost:%s/ibmmq/rest/v1/admin/installation", getWebPort(t, cli, ID))
|
||||
for {
|
||||
conn, err := tls.Dial("tcp", a, &config)
|
||||
if err == nil {
|
||||
conn.Close()
|
||||
// Extra sleep to allow web apps to start
|
||||
time.Sleep(5 * time.Second)
|
||||
req, err := http.NewRequest("GET", url, nil)
|
||||
req.SetBasicAuth("admin", devAdminPassword)
|
||||
resp, err := httpClient.Do(req)
|
||||
if err == nil && resp.StatusCode == http.StatusOK {
|
||||
t.Log("MQ web server is ready")
|
||||
return
|
||||
}
|
||||
// conn, err := tls.Dial("tcp", a, &config)
|
||||
// if err == nil {
|
||||
// conn.Close()
|
||||
// // Extra sleep to allow web apps to start
|
||||
// time.Sleep(5 * time.Second)
|
||||
// t.Log("MQ web server is ready")
|
||||
// return
|
||||
// }
|
||||
time.Sleep(1 * time.Second)
|
||||
}
|
||||
}
|
||||
@@ -64,17 +82,20 @@ func tlsDir(t *testing.T) string {
|
||||
}
|
||||
|
||||
// runJMSTests runs a container with a JMS client, which connects to the queue manager container with the specified ID
|
||||
func runJMSTests(t *testing.T, cli *client.Client, ID string, tls bool) {
|
||||
func runJMSTests(t *testing.T, cli *client.Client, ID string, tls bool, user, password string) {
|
||||
containerConfig := container.Config{
|
||||
// -e MQ_PORT_1414_TCP_ADDR=9.145.14.173 -e MQ_USERNAME=app -e MQ_PASSWORD=passw0rd -e MQ_CHANNEL=DEV.APP.SVRCONN -e MQ_TLS_KEYSTORE=/tls/test.p12 -e MQ_TLS_PASSPHRASE=passw0rd -v /Users/arthurbarr/go/src/github.com/ibm-messaging/mq-container/test/tls:/tls msgtest
|
||||
Env: []string{
|
||||
"MQ_PORT_1414_TCP_ADDR=" + getIPAddress(t, cli, ID),
|
||||
"MQ_USERNAME=app",
|
||||
"MQ_PASSWORD=" + devAppPassword,
|
||||
"MQ_USERNAME=" + user,
|
||||
"MQ_CHANNEL=DEV.APP.SVRCONN",
|
||||
},
|
||||
Image: imageNameDevJMS(),
|
||||
}
|
||||
// Set a password for the client to use, if one is specified
|
||||
if password != "" {
|
||||
containerConfig.Env = append(containerConfig.Env, "MQ_PASSWORD="+password)
|
||||
}
|
||||
if tls {
|
||||
t.Log("Using TLS from JMS client")
|
||||
containerConfig.Env = append(containerConfig.Env, []string{
|
||||
@@ -89,7 +110,7 @@ func runJMSTests(t *testing.T, cli *client.Client, ID string, tls bool) {
|
||||
},
|
||||
}
|
||||
networkingConfig := network.NetworkingConfig{}
|
||||
ctr, err := cli.ContainerCreate(context.Background(), &containerConfig, &hostConfig, &networkingConfig, strings.Replace(t.Name(), "/", "", -1))
|
||||
ctr, err := cli.ContainerCreate(context.Background(), &containerConfig, &hostConfig, &networkingConfig, strings.Replace(t.Name()+"JMS", "/", "", -1))
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user