From bdfd7341e78dbbd44001a08dea6a7b03a8a4e8bb Mon Sep 17 00:00:00 2001 From: Timofey Turenko Date: Fri, 13 Sep 2019 14:12:49 +0300 Subject: [PATCH] Add tests with backend SSL A 'BACKEND_SSL' label added. If test has this label Testconnection() configures backend servers to require SSL --- maxscale-system-test/CMakeLists.txt | 16 +++++++++--- maxscale-system-test/config_operations.cpp | 29 +++++++++++++++++----- maxscale-system-test/labels_table.cpp | 7 ++++++ maxscale-system-test/labels_table.h | 8 ++++++ maxscale-system-test/testconnections.cpp | 6 +++++ 5 files changed, 57 insertions(+), 9 deletions(-) diff --git a/maxscale-system-test/CMakeLists.txt b/maxscale-system-test/CMakeLists.txt index 02d19231e..10ff8816c 100644 --- a/maxscale-system-test/CMakeLists.txt +++ b/maxscale-system-test/CMakeLists.txt @@ -569,7 +569,7 @@ add_test_executable(mxs922_restart.cpp mxs922_restart mxs922 LABELS maxscale REP add_test_executable(mxs922_scaling.cpp mxs922_scaling mxs922_base LABELS maxscale REPL_BACKEND) # Dynamic listener SSL test -add_test_executable(mxs922_listener_ssl.cpp mxs922_listener_ssl mxs922_base LABELS maxscale REPL_BACKEND) +add_test_executable(mxs922_listener_ssl.cpp mxs922_listener_ssl mxs922_base LABELS maxscale BACKEND_SSL REPL_BACKEND) # Alter routers at runtime add_test_executable(alter_router.cpp alter_router alter_router LABELS maxscale REPL_BACKEND) @@ -813,7 +813,7 @@ add_test_executable(sharding_load_data.cpp sharding_load_data sharding LABELS sc add_test_executable(short_sessions.cpp short_sessions replication LABELS readwritesplit readconnroute REPL_BACKEND) # Do short sessions (open conn, short query, close conn) in the loop, client ssl is ON -add_test_derived(short_sessions_ssl short_sessions ssl LABELS readwritesplit readconnroute REPL_BACKEND) +add_test_derived(short_sessions_ssl short_sessions ssl LABELS readwritesplit readconnroute BACKEND_SSL REPL_BACKEND) # Regression case for crash if maxadmin 'show monitors' command is issued, but no monitor is not running add_test_executable(show_monitor_crash.cpp show_monitor_crash show_monitor_crash LABELS maxscale REPL_BACKEND) @@ -853,7 +853,7 @@ add_test_executable(test_hints.cpp test_hints hints2 LABELS hintfilter readwrite # works only with yum-based distributions # TODO: make it working with zypper and apt, move part of KDC setup to MDBCI add_test_executable(kerberos_setup.cpp kerberos_setup kerberos LABELS HEAVY gssapi REPL_BACKEND) -add_test_derived(kerberos_setup_ssl kerberos_setup kerberos_ssl LABELS HEAVY gssapi REPL_BACKEND) +add_test_derived(kerberos_setup_ssl kerberos_setup kerberos_ssl LABELS HEAVY gssapi BACKEND_SSL REPL_BACKEND) # Configures 'keepalived' on two Maxscale machines and tried failover add_test_executable(keepalived.cpp keepalived keepalived LABELS REPL_BACKEND TWO_MAXSCALES) @@ -1014,6 +1014,16 @@ add_test_executable(mxs2631_ignore_system_tables.cpp mxs2631_ignore_system_table # END: Normal tests # ############################################ +############################################ +# BEGIN: backend SSL tests # +############################################ + +add_test_derived(sql_queries_ssl sql_queries ssl LABELS readwritesplit REPL_BACKEND BACKEND_SSL) + +############################################ +# END: backend SSL tests # +############################################ + ############################################ # BEGIN: binlogrouter and avrorouter tests # ############################################ diff --git a/maxscale-system-test/config_operations.cpp b/maxscale-system-test/config_operations.cpp index f15b160a5..b251a2cd2 100644 --- a/maxscale-system-test/config_operations.cpp +++ b/maxscale-system-test/config_operations.cpp @@ -79,12 +79,26 @@ void Config::destroy_server(int num) void Config::create_server(int num) { test_->set_timeout(120); + char ssl_line[200 + 3 * strlen(test_->maxscales->access_homedir[0])] = ""; + if (test_->backend_ssl) + { + sprintf(ssl_line, + " --tls-key=/%s/certs/client-key.pem " + " --tls-cert=/%s/certs/client-cert.pem " + " --tls-ca-cert=/%s/certs/ca.pem " + " --tls-version=MAX " + " --tls-cert-verify-depth=9", + test_->maxscales->access_homedir[0], + test_->maxscales->access_homedir[0], + test_->maxscales->access_homedir[0]); + } test_->maxscales->ssh_node_f(0, true, - "maxadmin create server server%d %s %d", + "maxctrl create server server%d %s %d %s", num, test_->repl->IP[num], - test_->repl->port[num]); + test_->repl->port[num], + ssl_line); created_servers_.insert(num); test_->stop_timeout(); } @@ -176,12 +190,15 @@ void Config::create_ssl_listener(Config::Service service) test_->maxscales->ssh_node_f(0, true, "maxadmin create listener %s %s default %d default default default " - "/home/vagrant/certs/server-key.pem " - "/home/vagrant/certs/server-cert.pem " - "/home/vagrant/certs/ca.pem ", + "/%s/certs/server-key.pem " + "/%s/certs/server-cert.pem " + "/%s/certs/ca.pem ", services[i].service, services[i].listener, - services[i].port); + services[i].port, + test_->maxscales->access_homedir[0], + test_->maxscales->access_homedir[0], + test_->maxscales->access_homedir[0]); test_->stop_timeout(); } diff --git a/maxscale-system-test/labels_table.cpp b/maxscale-system-test/labels_table.cpp index 5b4b093db..98451a033 100644 --- a/maxscale-system-test/labels_table.cpp +++ b/maxscale-system-test/labels_table.cpp @@ -22,3 +22,10 @@ std::string get_mdbci_lables(const char *labels_string) } return mdbci_labels; } + +bool check_label(std::string labels, std::string label) +{ + std::string labels_ext = std::string(";") + labels + std::string(";"); + std::string label_ext = std::string(";") + label + std::string(";"); + return (labels_ext.find(label_ext, 0) != std::string::npos); +} diff --git a/maxscale-system-test/labels_table.h b/maxscale-system-test/labels_table.h index 723d28658..b9598e7df 100644 --- a/maxscale-system-test/labels_table.h +++ b/maxscale-system-test/labels_table.h @@ -29,3 +29,11 @@ const labels_table_t labels_table [] __attribute__((unused)) = * @return Labels string in the 'mdbci up' --labels parameter format */ std::string get_mdbci_lables(const char * labels_string); + +/** + * @brief check_label Checks if givel lable belogs to current test labels + * @param labels String with all labels of the test + * @param label Labels to find + * @return true if label present + */ +bool check_label(std::string labels, std::string label); diff --git a/maxscale-system-test/testconnections.cpp b/maxscale-system-test/testconnections.cpp index 0971dcdf6..84bc1ed7c 100644 --- a/maxscale-system-test/testconnections.cpp +++ b/maxscale-system-test/testconnections.cpp @@ -299,6 +299,12 @@ TestConnections::TestConnections(int argc, char* argv[]) mdbci_labels = get_mdbci_lables(labels); + if (check_label(std::string(labels), "BACKEND_SSL")) + { + backend_ssl = true; + tprintf("Test has BACKEND_SSL label"); + } + std::string delimiter = std::string (","); size_t pos_start = 0, pos_end, delim_len = delimiter.length(); std::string label;