Message ID | 6d6e3fb131d56e2ab76b7ff6c5774376b64ebdad.camel@cloudandheat.com |
---|---|
State | Accepted |
Commit | 965c2955e6750f503b55d5c0af516cbb7b45f7ae |
Series | [ovs-dev,v3,1/2] tests-ovsdb: switch OVSDB_START_IDLTEST to macro | expand |
Context | Check | Description |
---|---|---|
ovsrobot/apply-robot | success | apply and check: success |
ovsrobot/github-robot-_Build_and_Test | success | github build: passed |
ovsrobot/intel-ovs-compilation | success | test: success |
On Thu, 2023-05-11 at 15:38 +0200, Stefan Hoffmann wrote: > This tests stream.c and stream.py with ssl connection at > CHECK_STREAM_OPEN_BLOCK. > For the tests, ovsdb needs to be build with libssl. > > Signed-off-by: Stefan Hoffmann <stefan.hoffmann@cloudandheat.com> > --- > > Changes based on comments from Ilya Maximets: > use m4_join; use m4_substr directly at call, without using variable in > between > > Hint: at some places we can't use brackets, as m4 seems to not resolve the > variables otherwise. Mail with comments at this places will follow. > > tests/ovsdb-idl.at | 31 +++++++++++++++++++++++++++---- > tests/test-stream.c | 12 +++++++++++- > tests/test-stream.py | 18 ++++++++++++++++++ > 3 files changed, 56 insertions(+), 5 deletions(-) > > diff --git a/tests/ovsdb-idl.at b/tests/ovsdb-idl.at > index 258d79fe9..978a6677b 100644 > --- a/tests/ovsdb-idl.at > +++ b/tests/ovsdb-idl.at > @@ -28,8 +28,13 @@ m4_define([OVSDB_START_IDLTEST], > [ > AT_CHECK([ovsdb-tool create db dnl > m4_if([$2], [], [$abs_srcdir/idltest.ovsschema], [$2])]) > + PKIDIR=$abs_top_builddir/tests > AT_CHECK([ovsdb-server -vconsole:warn --log-file --detach --no-chdir dnl > --pidfile --remote=punix:socket dnl > + m4_if(m4_substr($1, 0, 5), [pssl:], > + [--private-key=$PKIDIR/testpki-privkey2.pem dnl > + --certificate=$PKIDIR/testpki-cert2.pem dnl > + --ca-cert=$PKIDIR/testpki-cacert.pem], []) dnl > m4_if([$1], [], [], [--remote=$1]) db dnl > ]) > on_exit 'kill `cat ovsdb-server.pid`' 
> @@ -2286,14 +2291,26 @@ m4_define([CHECK_STREAM_OPEN_BLOCK], > [AT_SETUP([Check stream open block - $1 - $3]) > AT_SKIP_IF([test "$3" = "tcp6" && test "$IS_WIN32" = "yes"]) > AT_SKIP_IF([test "$3" = "tcp6" && test "$HAVE_IPV6" = "no"]) > + AT_SKIP_IF([test "$3" = "ssl6" && test "$IS_WIN32" = "yes"]) > + AT_SKIP_IF([test "$3" = "ssl6" && test "$HAVE_IPV6" = "no"]) > + AT_SKIP_IF([test "$3" = "ssl" && test "$HAVE_OPENSSL" = "no"]) > + $PYTHON3 -c "import ssl" > + SSL_PRESENT=$? > + AT_SKIP_IF([test "$3" = "ssl" && test $SSL_PRESENT != 0]) > + AT_SKIP_IF([test "$3" = "ssl6" && test "$HAVE_OPENSSL" = "no"]) > + AT_SKIP_IF([test "$3" = "ssl6" && test $SSL_PRESENT != 0]) > AT_KEYWORDS([ovsdb server stream open_block $3]) > - OVSDB_START_IDLTEST(["ptcp:0:$4"]) > + PKIDIR=$abs_top_builddir/tests > + m4_define([PROTOCOL], [m4_substr([$3], [0], [3])]) > + OVSDB_START_IDLTEST([m4_join([], [p], PROTOCOL, [:0:], $4)]) Badly we must not use brackets here for the arguments that are variables (PROTOCOL), we want to get resolved. I guess, otherwise, m4 takes them as text instead. Also we need to handover `$4` directly without brackets, else we get issues with IPv6 IPs. The ovsdb-server call would be '--remote=ptcp:0:[[::1]]' instead of '-- remote=ptcp:0:[::1]'. We could use brackets here but would need to remove them above at OVSDB_START_IDLTEST (--remote=$4 instead of [--remote=$4]). I decidet to miss the brackets here is the better way. Another solution would be to remove one pair of brackets at the CHECK_STREAM_OPEN_BLOCK function call below, but than we also more or less handover the plain value without brackets there. Do you have a better idea how to solve that or should I add a comment to the code therefore? 
> PARSE_LISTENING_PORT([ovsdb-server.log], [TCP_PORT]) > WRONG_PORT=$(($TCP_PORT + 101)) > - AT_CHECK([$2 tcp:$4:$TCP_PORT], [0], [ignore]) > - AT_CHECK([$2 tcp:$4:$WRONG_PORT], [1], [ignore], [ignore]) > + SSL_KEY_ARGS="$PKIDIR/testpki-privkey.pem $PKIDIR/testpki-cert.pem $PKIDIR/testpki-cacert.pem" > + AT_CHECK([$2 PROTOCOL:$4:$TCP_PORT $SSL_KEY_ARGS], [0], [ignore]) > + AT_CHECK([$2 PROTOCOL:$4:$WRONG_PORT $SSL_KEY_ARGS], [1], [ignore], > + [ignore]) > OVSDB_SERVER_SHUTDOWN > - AT_CHECK([$2 tcp:$4:$TCP_PORT], [1], [ignore], [ignore]) > + AT_CHECK([$2 PROTOCOL:$4:$TCP_PORT $SSL_KEY_ARGS], [1], [ignore], [ignore]) > AT_CLEANUP]) > > CHECK_STREAM_OPEN_BLOCK([C], [test-stream], [tcp], [127.0.0.1]) > @@ -2302,6 +2319,12 @@ CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py], > [tcp], [127.0.0.1]) > CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py], > [tcp6], [[[::1]]]) > +CHECK_STREAM_OPEN_BLOCK([C], [test-stream], [ssl], [127.0.0.1]) > +CHECK_STREAM_OPEN_BLOCK([C], [test-stream], [ssl6], [[[::1]]]) > +CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py], > + [ssl], [127.0.0.1]) > +CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py], > + [ssl6], [[[::1]]]) > > # same as OVSDB_CHECK_IDL but uses Python IDL implementation with tcp > # with multiple remotes to assert the idl connects to the leader of the Raft cluster > diff --git a/tests/test-stream.c b/tests/test-stream.c > index 68ce2c544..14e3bfe38 100644 > --- a/tests/test-stream.c > +++ b/tests/test-stream.c > @@ -19,6 +19,7 @@ > #include "fatal-signal.h" > #include "openvswitch/vlog.h" > #include "stream.h" > +#include "stream-ssl.h" > #include "util.h" > > VLOG_DEFINE_THIS_MODULE(test_stream); 
> @@ -33,7 +34,16 @@ main(int argc, char *argv[]) > set_program_name(argv[0]); > > if (argc < 2) { > - ovs_fatal(0, "usage: %s REMOTE", argv[0]); > + ovs_fatal(0, "usage: %s REMOTE [SSL_KEY] [SSL_CERT] [SSL_CA]", > + argv[0]); > + } > + if (strncmp("ssl:", argv[1], 4) == 0) { > + if (argc < 5) { > + ovs_fatal(0, "usage with ssl: %s REMOTE SSL_KEY SSL_CERT SSL_CA", > + argv[0]); > + } > + stream_ssl_set_ca_cert_file(argv[4], false); > + stream_ssl_set_key_and_cert(argv[2], argv[3]); > } > > error = stream_open_block(stream_open(argv[1], &stream, DSCP_DEFAULT), > diff --git a/tests/test-stream.py b/tests/test-stream.py > index 93d63c019..a6a9c18b2 100644 > --- a/tests/test-stream.py > +++ b/tests/test-stream.py > @@ -15,10 +15,28 @@ > import sys > > import ovs.stream > +import ovs.util > > > def main(argv): > + if len(argv) < 2: > + ovs.util.ovs_fatal(0, > + "usage: %s REMOTE [SSL_KEY] [SSL_CERT] [SSL_CA]", > + argv[0], > + ) > remote = argv[1] > + > + if remote.startswith("ssl:"): > + if len(argv) < 5: > + ovs.util.ovs_fatal( > + 0, > + "usage with ssl: %s REMOTE [SSL_KEY] [SSL_CERT] [SSL_CA]", > + argv[0], > + ) > + ovs.stream.SSLStream.ssl_set_ca_cert_file(argv[4]) > + ovs.stream.SSLStream.ssl_set_certificate_file(argv[3]) > + ovs.stream.SSLStream.ssl_set_private_key_file(argv[2]) > + > err, stream = ovs.stream.Stream.open_block( > ovs.stream.Stream.open(remote), 10000) > Thanks, Stefan
On 5/11/23 15:49, Stefan Hoffmann wrote: > On Thu, 2023-05-11 at 15:38 +0200, Stefan Hoffmann wrote: >> This tests stream.c and stream.py with ssl connection at >> CHECK_STREAM_OPEN_BLOCK. >> For the tests, ovsdb needs to be build with libssl. >> >> Signed-off-by: Stefan Hoffmann <stefan.hoffmann@cloudandheat.com> >> --- >> >> Changes based on comments from Ilya Maximets: >> use m4_join; use m4_substr directly at call, without using variable in >> between >> >> Hint: at some places we can't use brackets, as m4 seems to not resolve the >> variables otherwise. Mail with comments at this places will follow. >> >> tests/ovsdb-idl.at | 31 +++++++++++++++++++++++++++---- >> tests/test-stream.c | 12 +++++++++++- >> tests/test-stream.py | 18 ++++++++++++++++++ >> 3 files changed, 56 insertions(+), 5 deletions(-) >> >> diff --git a/tests/ovsdb-idl.at b/tests/ovsdb-idl.at >> index 258d79fe9..978a6677b 100644 >> --- a/tests/ovsdb-idl.at >> +++ b/tests/ovsdb-idl.at >> @@ -28,8 +28,13 @@ m4_define([OVSDB_START_IDLTEST], >> [ >> AT_CHECK([ovsdb-tool create db dnl >> m4_if([$2], [], [$abs_srcdir/idltest.ovsschema], [$2])]) >> + PKIDIR=$abs_top_builddir/tests >> AT_CHECK([ovsdb-server -vconsole:warn --log-file --detach --no-chdir dnl >> --pidfile --remote=punix:socket dnl >> + m4_if(m4_substr($1, 0, 5), [pssl:], >> + [--private-key=$PKIDIR/testpki-privkey2.pem dnl >> + --certificate=$PKIDIR/testpki-cert2.pem dnl >> + --ca-cert=$PKIDIR/testpki-cacert.pem], []) dnl >> m4_if([$1], [], [], [--remote=$1]) db dnl >> ]) >> on_exit 'kill `cat ovsdb-server.pid`' 
>> @@ -2286,14 +2291,26 @@ m4_define([CHECK_STREAM_OPEN_BLOCK], >> [AT_SETUP([Check stream open block - $1 - $3]) >> AT_SKIP_IF([test "$3" = "tcp6" && test "$IS_WIN32" = "yes"]) >> AT_SKIP_IF([test "$3" = "tcp6" && test "$HAVE_IPV6" = "no"]) >> + AT_SKIP_IF([test "$3" = "ssl6" && test "$IS_WIN32" = "yes"]) >> + AT_SKIP_IF([test "$3" = "ssl6" && test "$HAVE_IPV6" = "no"]) >> + AT_SKIP_IF([test "$3" = "ssl" && test "$HAVE_OPENSSL" = "no"]) >> + $PYTHON3 -c "import ssl" >> + SSL_PRESENT=$? >> + AT_SKIP_IF([test "$3" = "ssl" && test $SSL_PRESENT != 0]) >> + AT_SKIP_IF([test "$3" = "ssl6" && test "$HAVE_OPENSSL" = "no"]) >> + AT_SKIP_IF([test "$3" = "ssl6" && test $SSL_PRESENT != 0]) >> AT_KEYWORDS([ovsdb server stream open_block $3]) >> - OVSDB_START_IDLTEST(["ptcp:0:$4"]) >> + PKIDIR=$abs_top_builddir/tests >> + m4_define([PROTOCOL], [m4_substr([$3], [0], [3])]) >> + OVSDB_START_IDLTEST([m4_join([], [p], PROTOCOL, [:0:], $4)]) > > Badly we must not use brackets here for the arguments that are > variables (PROTOCOL), we want to get resolved. > I guess, otherwise, m4 takes them as text instead. > > Also we need to handover `$4` directly without brackets, else we get > issues with IPv6 IPs. > The ovsdb-server call would be '--remote=ptcp:0:[[::1]]' instead of '-- > remote=ptcp:0:[::1]'. > We could use brackets here but would need to remove them above at > OVSDB_START_IDLTEST (--remote=$4 instead of [--remote=$4]). I decidet > to miss the brackets here is the better way. > Another solution would be to remove one pair of brackets at the > CHECK_STREAM_OPEN_BLOCK function call below, but than we also more or > less handover the plain value without brackets there. > > Do you have a better idea how to solve that or should I add a comment > to the code therefore? I guess, we can keep as-is. No need for extra comments. Best regards, Ilya Maximets.
On 5/11/23 15:38, Stefan Hoffmann wrote: > This tests stream.c and stream.py with ssl connection at > CHECK_STREAM_OPEN_BLOCK. > For the tests, ovsdb needs to be build with libssl. > > Signed-off-by: Stefan Hoffmann <stefan.hoffmann@cloudandheat.com> > --- > > Changes based on comments from Ilya Maximets: > use m4_join; use m4_substr directly at call, without using variable in > between > > Hint: at some places we can't use brackets, as m4 seems to not resolve the > variables otherwise. Mail with comments at this places will follow. > > tests/ovsdb-idl.at | 31 +++++++++++++++++++++++++++---- > tests/test-stream.c | 12 +++++++++++- > tests/test-stream.py | 18 ++++++++++++++++++ > 3 files changed, 56 insertions(+), 5 deletions(-) Applied. Thanks! It's always nice to have improved test coverage. For the future - If you have a patch set (more than 1 patch), it's better to have a cover letter and patches sent in reply to this cover letter. This way they are easier to manage in the inbox. You may use '--cover-letter' option of 'git format-patch' for that. And if you're using 'git send-email cover patch1 patch2 ...', it will by default provide the described behavior (patches in reply to cover letter). Best regards, Ilya Maximets.
diff --git a/tests/ovsdb-idl.at b/tests/ovsdb-idl.at index 258d79fe9..978a6677b 100644 --- a/tests/ovsdb-idl.at +++ b/tests/ovsdb-idl.at @@ -28,8 +28,13 @@ m4_define([OVSDB_START_IDLTEST], [ AT_CHECK([ovsdb-tool create db dnl m4_if([$2], [], [$abs_srcdir/idltest.ovsschema], [$2])]) + PKIDIR=$abs_top_builddir/tests AT_CHECK([ovsdb-server -vconsole:warn --log-file --detach --no-chdir dnl --pidfile --remote=punix:socket dnl + m4_if(m4_substr($1, 0, 5), [pssl:], + [--private-key=$PKIDIR/testpki-privkey2.pem dnl + --certificate=$PKIDIR/testpki-cert2.pem dnl + --ca-cert=$PKIDIR/testpki-cacert.pem], []) dnl m4_if([$1], [], [], [--remote=$1]) db dnl ]) on_exit 'kill `cat ovsdb-server.pid`' 
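Review bot: OVSDB_START_IDLTEST now starts an SSL listener whenever `$1` begins with `pssl:`, but the macro neither skips on builds without OpenSSL nor says that the caller has to, so a later caller that forgets the guard would fail instead of being skipped. A short comment above the added `PKIDIR=` line would record that, e.g. `dnl pssl: remotes need OpenSSL; callers must AT_SKIP_IF on HAVE_OPENSSL = no first.`, and could also note that the server presents the second test key pair (`testpki-privkey2.pem` / `testpki-cert2.pem`), presumably so that it differs from the client's. The macro body starts before and ends after this hunk.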
@@ -2286,14 +2291,26 @@ m4_define([CHECK_STREAM_OPEN_BLOCK], [AT_SETUP([Check stream open block - $1 - $3]) AT_SKIP_IF([test "$3" = "tcp6" && test "$IS_WIN32" = "yes"]) AT_SKIP_IF([test "$3" = "tcp6" && test "$HAVE_IPV6" = "no"]) + AT_SKIP_IF([test "$3" = "ssl6" && test "$IS_WIN32" = "yes"]) + AT_SKIP_IF([test "$3" = "ssl6" && test "$HAVE_IPV6" = "no"]) + AT_SKIP_IF([test "$3" = "ssl" && test "$HAVE_OPENSSL" = "no"]) + $PYTHON3 -c "import ssl" + SSL_PRESENT=$? + AT_SKIP_IF([test "$3" = "ssl" && test $SSL_PRESENT != 0]) + AT_SKIP_IF([test "$3" = "ssl6" && test "$HAVE_OPENSSL" = "no"]) + AT_SKIP_IF([test "$3" = "ssl6" && test $SSL_PRESENT != 0]) AT_KEYWORDS([ovsdb server stream open_block $3]) - OVSDB_START_IDLTEST(["ptcp:0:$4"]) + PKIDIR=$abs_top_builddir/tests + m4_define([PROTOCOL], [m4_substr([$3], [0], [3])]) + OVSDB_START_IDLTEST([m4_join([], [p], PROTOCOL, [:0:], $4)]) PARSE_LISTENING_PORT([ovsdb-server.log], [TCP_PORT]) WRONG_PORT=$(($TCP_PORT + 101)) - AT_CHECK([$2 tcp:$4:$TCP_PORT], [0], [ignore]) - AT_CHECK([$2 tcp:$4:$WRONG_PORT], [1], [ignore], [ignore]) + SSL_KEY_ARGS="$PKIDIR/testpki-privkey.pem $PKIDIR/testpki-cert.pem $PKIDIR/testpki-cacert.pem" + AT_CHECK([$2 PROTOCOL:$4:$TCP_PORT $SSL_KEY_ARGS], [0], [ignore]) + AT_CHECK([$2 PROTOCOL:$4:$WRONG_PORT $SSL_KEY_ARGS], [1], [ignore], + [ignore]) OVSDB_SERVER_SHUTDOWN - AT_CHECK([$2 tcp:$4:$TCP_PORT], [1], [ignore], [ignore]) + AT_CHECK([$2 PROTOCOL:$4:$TCP_PORT $SSL_KEY_ARGS], [1], [ignore], [ignore]) AT_CLEANUP]) CHECK_STREAM_OPEN_BLOCK([C], [test-stream], [tcp], [127.0.0.1]) 
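Review bot: The ssl variants of CHECK_STREAM_OPEN_BLOCK only expect failure for a wrong port and a stopped server, so they would still pass if the client accepted any server certificate. One more check, run only for the ssl variants and placed before OVSDB_SERVER_SHUTDOWN, that hands the client a CA file which did not issue the server certificate would pin peer verification, e.g. `AT_CHECK([$2 PROTOCOL:$4:$TCP_PORT $PKIDIR/testpki-privkey.pem $PKIDIR/testpki-cert.pem <UNRELATED_CA_PEM>], [1], [ignore], [ignore])`, where `<UNRELATED_CA_PEM>` is a placeholder for such a file. The expected status 1 assumes the test programs report a failed handshake the same way as a refused connection. The `m4_define` line of the macro sits in the hunk header, outside the changed lines.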
@@ -2302,6 +2319,12 @@ CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py], [tcp], [127.0.0.1]) CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py], [tcp6], [[[::1]]]) +CHECK_STREAM_OPEN_BLOCK([C], [test-stream], [ssl], [127.0.0.1]) +CHECK_STREAM_OPEN_BLOCK([C], [test-stream], [ssl6], [[[::1]]]) +CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py], + [ssl], [127.0.0.1]) +CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py], + [ssl6], [[[::1]]]) # same as OVSDB_CHECK_IDL but uses Python IDL implementation with tcp # with multiple remotes to assert the idl connects to the leader of the Raft cluster diff --git a/tests/test-stream.c b/tests/test-stream.c index 68ce2c544..14e3bfe38 100644 --- a/tests/test-stream.c +++ b/tests/test-stream.c @@ -19,6 +19,7 @@ #include "fatal-signal.h" #include "openvswitch/vlog.h" #include "stream.h" +#include "stream-ssl.h" #include "util.h" VLOG_DEFINE_THIS_MODULE(test_stream); @@ -33,7 +34,16 @@ main(int argc, char *argv[]) set_program_name(argv[0]); if (argc < 2) { - ovs_fatal(0, "usage: %s REMOTE", argv[0]); + ovs_fatal(0, "usage: %s REMOTE [SSL_KEY] [SSL_CERT] [SSL_CA]", + argv[0]); + } + if (strncmp("ssl:", argv[1], 4) == 0) { + if (argc < 5) { + ovs_fatal(0, "usage with ssl: %s REMOTE SSL_KEY SSL_CERT SSL_CA", + argv[0]); + } + stream_ssl_set_ca_cert_file(argv[4], false); + stream_ssl_set_key_and_cert(argv[2], argv[3]); } error = stream_open_block(stream_open(argv[1], &stream, DSCP_DEFAULT), diff --git a/tests/test-stream.py b/tests/test-stream.py index 93d63c019..a6a9c18b2 100644 --- a/tests/test-stream.py +++ b/tests/test-stream.py 
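Review bot: In tests/test-stream.c the `false` passed to `stream_ssl_set_ca_cert_file(argv[4], false)`, which I take to be the bootstrap flag, is what keeps the client from accepting a CA certificate offered by the peer, and the new `ssl:` branch gives no hint of that. A comment on the call would make the intent explicit: `/* bootstrap=false: never fetch the CA cert from the peer; the server must verify against SSL_CA. */`. A second line could note that the three key arguments are accepted and ignored for non-ssl remotes, since the autotest macro passes them in every variant. main() starts before and continues after this hunk.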
@@ -15,10 +15,28 @@ import sys import ovs.stream +import ovs.util def main(argv): + if len(argv) < 2: + ovs.util.ovs_fatal(0, + "usage: %s REMOTE [SSL_KEY] [SSL_CERT] [SSL_CA]", + argv[0], + ) remote = argv[1] + + if remote.startswith("ssl:"): + if len(argv) < 5: + ovs.util.ovs_fatal( + 0, + "usage with ssl: %s REMOTE [SSL_KEY] [SSL_CERT] [SSL_CA]", + argv[0], + ) + ovs.stream.SSLStream.ssl_set_ca_cert_file(argv[4]) + ovs.stream.SSLStream.ssl_set_certificate_file(argv[3]) + ovs.stream.SSLStream.ssl_set_private_key_file(argv[2]) + err, stream = ovs.stream.Stream.open_block( ovs.stream.Stream.open(remote), 10000)
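Review bot: Both new `ovs.util.ovs_fatal(...)` calls in main() pass `argv[0]` as a third positional argument; if the helper's signature is still `(code, msg, vlog=None)`, which this hunk does not show, the program name lands in `vlog`, the `%s` is printed literally, and the call ends in an AttributeError instead of a clean exit. Formatting the message first avoids that: `ovs.util.ovs_fatal(0, "usage: %s REMOTE [SSL_KEY] [SSL_CERT] [SSL_CA]" % argv[0])`, and the same for the `usage with ssl` message. That second message also keeps the key arguments in square brackets although they are required in that branch, unlike the wording in the C test. main() continues after the hunk.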
This tests stream.c and stream.py with ssl connection at CHECK_STREAM_OPEN_BLOCK. For the tests, ovsdb needs to be built with libssl. Signed-off-by: Stefan Hoffmann <stefan.hoffmann@cloudandheat.com> --- Changes based on comments from Ilya Maximets: use m4_join; use m4_substr directly at call, without using variable in between Hint: at some places we can't use brackets, as m4 seems to not resolve the variables otherwise. Mail with comments at these places will follow. tests/ovsdb-idl.at | 31 +++++++++++++++++++++++++++---- tests/test-stream.c | 12 +++++++++++- tests/test-stream.py | 18 ++++++++++++++++++ 3 files changed, 56 insertions(+), 5 deletions(-)