technocloud-public/nginx-unit
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Tests: get rid of classes in test files.

Browse Source 
Class usage came from the unittest framework and it was always redundant
after migration to the pytest.  This commit removes classes from files
containing tests to make them more readable and understandable.
This commit is contained in:
Andrei Zeliankou
2023-06-14 18:20:09 +01:00
parent c6d05191a0
commit c183bd8749
84 changed files with 17455 additions and 16814 deletions
Download Patch File Download Diff File Expand all files Collapse all files

175
test/test_tls_conf_command.py
View File

@@ -1,111 +1,114 @@
import ssl
import pytest
from unit.applications.tls import TestApplicationTLS
from unit.applications.tls import ApplicationTLS
prerequisites = {'modules': {'openssl': 'any'}}
client = ApplicationTLS()
class TestTLSConfCommand(TestApplicationTLS):
@pytest.fixture(autouse=True)
def setup_method_fixture(self):
self.certificate()
assert 'success' in self.conf(
{
"listeners": {
"*:7080": {
"pass": "routes",
"tls": {"certificate": "default"},
}
},
"routes": [{"action": {"return": 200}}],
"applications": {},
}
), 'load application configuration'
@pytest.fixture(autouse=True)
def setup_method_fixture():
client.certificate()
def test_tls_conf_command(self):
def check_no_connection():
try:
self.get_ssl()
pytest.fail('Unexpected connection.')
assert 'success' in client.conf(
{
"listeners": {
"*:7080": {
"pass": "routes",
"tls": {"certificate": "default"},
}
},
"routes": [{"action": {"return": 200}}],
"applications": {},
}
), 'load application configuration'
except (ssl.SSLError, ConnectionRefusedError):
pass
# Set one conf_commands (disable protocol).
def test_tls_conf_command():
def check_no_connection():
try:
client.get_ssl()
pytest.fail('Unexpected connection.')
(_, sock) = self.get_ssl(start=True)
except (ssl.SSLError, ConnectionRefusedError):
pass
# Set one conf_commands (disable protocol).
(_, sock) = client.get_ssl(start=True)
shared_ciphers = sock.shared_ciphers()
protocols = list(set(c[1] for c in shared_ciphers))
protocol = sock.cipher()[1]
if '/' in protocol:
pytest.skip('Complex protocol format.')
assert 'success' in client.conf(
{
"certificate": "default",
"conf_commands": {"protocol": f'-{protocol}'},
},
'listeners/*:7080/tls',
), 'protocol disabled'
sock.close()
if len(protocols) > 1:
(_, sock) = client.get_ssl(start=True)
cipher = sock.cipher()
assert cipher[1] != protocol, 'new protocol used'
shared_ciphers = sock.shared_ciphers()
protocols = list(set(c[1] for c in shared_ciphers))
protocol = sock.cipher()[1]
ciphers = list(set(c for c in shared_ciphers if c[1] == cipher[1]))
if '/' in protocol:
pytest.skip('Complex protocol format.')
sock.close()
else:
check_no_connection()
pytest.skip('One TLS protocol available only.')
assert 'success' in self.conf(
{
"certificate": "default",
"conf_commands": {"protocol": f'-{protocol}'},
# Set two conf_commands (disable protocol and cipher).
assert 'success' in client.conf(
{
"certificate": "default",
"conf_commands": {
"protocol": f'-{protocol}',
"cipherstring": f"{cipher[1]}:!{cipher[0]}",
},
'listeners/*:7080/tls',
), 'protocol disabled'
},
'listeners/*:7080/tls',
), 'cipher disabled'
if len(ciphers) > 1:
(_, sock) = client.get_ssl(start=True)
cipher_new = sock.cipher()
assert cipher_new[1] == cipher[1], 'previous protocol used'
assert cipher_new[0] != cipher[0], 'new cipher used'
sock.close()
if len(protocols) > 1:
(_, sock) = self.get_ssl(start=True)
else:
check_no_connection()
cipher = sock.cipher()
assert cipher[1] != protocol, 'new protocol used'
shared_ciphers = sock.shared_ciphers()
ciphers = list(set(c for c in shared_ciphers if c[1] == cipher[1]))
def test_tls_conf_command_invalid(skip_alert):
skip_alert(r'SSL_CONF_cmd', r'failed to apply new conf')
sock.close()
else:
check_no_connection()
pytest.skip('One TLS protocol available only.')
# Set two conf_commands (disable protocol and cipher).
assert 'success' in self.conf(
{
"certificate": "default",
"conf_commands": {
"protocol": f'-{protocol}',
"cipherstring": f"{cipher[1]}:!{cipher[0]}",
},
},
def check_conf_commands(conf_commands):
assert 'error' in client.conf(
{"certificate": "default", "conf_commands": conf_commands},
'listeners/*:7080/tls',
), 'cipher disabled'
), 'ivalid conf_commands'
if len(ciphers) > 1:
(_, sock) = self.get_ssl(start=True)
cipher_new = sock.cipher()
assert cipher_new[1] == cipher[1], 'previous protocol used'
assert cipher_new[0] != cipher[0], 'new cipher used'
sock.close()
else:
check_no_connection()
def test_tls_conf_command_invalid(self, skip_alert):
skip_alert(r'SSL_CONF_cmd', r'failed to apply new conf')
def check_conf_commands(conf_commands):
assert 'error' in self.conf(
{"certificate": "default", "conf_commands": conf_commands},
'listeners/*:7080/tls',
), 'ivalid conf_commands'
check_conf_commands([])
check_conf_commands("blah")
check_conf_commands({"": ""})
check_conf_commands({"blah": ""})
check_conf_commands({"protocol": {}})
check_conf_commands({"protocol": "blah"})
check_conf_commands({"protocol": "TLSv1.2", "blah": ""})
check_conf_commands([])
check_conf_commands("blah")
check_conf_commands({"": ""})
check_conf_commands({"blah": ""})
check_conf_commands({"protocol": {}})
check_conf_commands({"protocol": "blah"})
check_conf_commands({"protocol": "TLSv1.2", "blah": ""})