From d8f01de682e5bb43f177b5b90a4276ce5649d4c9 Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Tue, 19 May 2020 15:32:10 -0700 Subject: [PATCH] Open mirror ssl ports externally This was missed in an earlier change where we enabled these vhosts. Testing worked because testing was communicating to localhost and not the public ip address. This has been addressed as well. Change-Id: I2d91aea466f1b587780a452cfe8e1396515930ed --- playbooks/group_vars/mirror.yaml | 5 ++ testinfra/test_mirror.py | 78 ++++++++++++++++++++++---------- 2 files changed, 59 insertions(+), 24 deletions(-)
diff --git a/playbooks/group_vars/mirror.yaml b/playbooks/group_vars/mirror.yaml
index 1306e83cf7..5274d39c33 100644
--- a/playbooks/group_vars/mirror.yaml
+++ b/playbooks/group_vars/mirror.yaml
@@ -1,6 +1,11 @@
 iptables_extra_public_tcp_ports:
 - 80
 - 443
+ - 4443
+ - 4444
+ - 4445
+ - 4446
+ - 4447
 - 8080
 - 8081
 - 8082
diff --git a/testinfra/test_mirror.py b/testinfra/test_mirror.py
index f1e02127c6..886ef1c3c1 100644
--- a/testinfra/test_mirror.py
+++ b/testinfra/test_mirror.py
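Review bot: In playbooks/group_vars/mirror.yaml, ports 4446 and 4447 are opened to the public alongside 4443-4445, but nothing in this change probes them; the updated tests stop at 4445 and the `# TODO test RHRegistryMirror and QuayMirror` line remains. That leaves the same untested-exposure gap this commit is fixing for the other ports. The list also carries no hint of what listens where, so a comment above the new entries such as `# 4443-4447: TLS vhosts of the mirror proxies, keep in sync with the Apache vhost config` would help whoever audits the firewall later. Because these are caching proxies that become reachable from any source address, it is worth confirming that each vhost only forwards to its intended upstream; the vhost configuration is not visible in this patch.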
@@ -23,42 +23,72 @@ def test_apache(host):
 def test_base_mirror(host):
 # BaseMirror
- cmd = host.run("wget --no-check-certificate -qO- https://localhost/")
- assert '' in cmd.stdout
+ for addr in host.addr(host.backend.host).ip_addresses:
+ cmd = host.run("wget --no-check-certificate -qO- https://%s/" % addr)
+ assert '' in cmd.stdout
- cmd = host.run("wget -qO- http://localhost/")
- assert '' in cmd.stdout
+ cmd = host.run("wget -qO- http://%s/" % addr)
+ assert '' in cmd.stdout
 def test_proxy_mirror(host):
 # ProxyMirror
- cmd = host.run("wget --no-check-certificate -qO- "
- "https://localhost:4443/pypi/simple/setuptools")
- assert 'setuptools' in cmd.stdout
+ for addr in host.addr(host.backend.host).ipv4_addresses:
+ cmd = host.run("wget --no-check-certificate -qO- "
+ "https://%s:4443/pypi/simple/setuptools" % addr)
+ assert 'setuptools' in cmd.stdout
- cmd = host.run("wget -qO- http://localhost:8080/pypi/simple/setuptools")
- assert 'setuptools' in cmd.stdout
+ cmd = host.run("wget -qO- "
+ "http://%s:8080/pypi/simple/setuptools" % addr)
+ assert 'setuptools' in cmd.stdout
+
+ # split the test cases so that we can escape the ipv6 addrs properly
+ for addr in host.addr(host.backend.host).ipv6_addresses:
+ cmd = host.run("wget --no-check-certificate -qO- "
+ "https://[%s]:4443/pypi/simple/setuptools" % addr)
+ assert 'setuptools' in cmd.stdout
+
+ cmd = host.run("wget -qO- "
+ "http://[%s]:8080/pypi/simple/setuptools" % addr)
+ assert 'setuptools' in cmd.stdout
 def test_dockerv1_mirror(host):
 # Dockerv1Mirror
- cmd = host.run("wget --no-check-certificate -O- "
- "https://localhost:4444/registry-1.docker")
- # TODO assert that this proxy cache is working more properly
- assert '403 Forbidden' in cmd.stderr
+ for addr in host.addr(host.backend.host).ipv4_addresses:
+ cmd = host.run("wget --no-check-certificate -O- "
+ "https://%s:4444/registry-1.docker" % addr)
+ # TODO assert that this proxy cache is working more properly
+ assert '403 Forbidden' in cmd.stderr
- cmd = host.run("wget -O- http://localhost:8081/registry-1.docker")
- # TODO assert that this proxy cache is working more properly
- assert '403 Forbidden' in cmd.stderr
+ cmd = host.run("wget -O- http://%s:8081/registry-1.docker" % addr)
+ # TODO assert that this proxy cache is working more properly
+ assert '403 Forbidden' in cmd.stderr
+
+ for addr in host.addr(host.backend.host).ipv6_addresses:
+ cmd = host.run("wget --no-check-certificate -O- "
+ "https://[%s]:4444/registry-1.docker" % addr)
+ # TODO assert that this proxy cache is working more properly
+ assert '403 Forbidden' in cmd.stderr
+
+ cmd = host.run("wget -O- http://[%s]:8081/registry-1.docker" % addr)
+ # TODO assert that this proxy cache is working more properly
+ assert '403 Forbidden' in cmd.stderr
 def test_dockerv2_mirror(host):
 # Dockerv2Mirror
- cmd = host.run("wget --no-check-certificate -O- "
- "https://localhost:4445/v2/")
- assert '401 Unauthorized' in cmd.stderr
+ for addr in host.addr(host.backend.host).ipv4_addresses:
+ cmd = host.run("wget --no-check-certificate -O- "
+ "https://%s:4445/v2/" % addr)
+ assert '401 Unauthorized' in cmd.stderr
- cmd = host.run("wget -O- http://localhost:8082/v2/")
- assert '401 Unauthorized' in cmd.stderr
+ cmd = host.run("wget -O- http://%s:8082/v2/" %addr)
+ assert '401 Unauthorized' in cmd.stderr
+
+ for addr in host.addr(host.backend.host).ipv6_addresses:
+ cmd = host.run("wget --no-check-certificate -O- "
+ "https://[%s]:4445/v2/" % addr)
+ assert '401 Unauthorized' in cmd.stderr
+
+ cmd = host.run("wget -O- http://[%s]:8082/v2/" %addr)
+ assert '401 Unauthorized' in cmd.stderr
 # TODO test RHRegistryMirror and QuayMirror
-
-# NOTE(ianw): further testing idea for anyone interested; get the
-# actual IP address of the mirror node and connect via that
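Review bot: In test_base_mirror the loop runs over `ip_addresses` and formats every entry as `https://%s/` and `http://%s/`, so an IPv6 address lands in the URL without brackets, unlike the three tests below that split `ipv4_addresses` from `ipv6_addresses` and use `[%s]`. Every loop in the hunk also passes without asserting anything when its address list is empty, so a name that does not resolve would leave the whole file green; an `assert addrs` before the loop closes that. Because `host.run` executes wget on the mirror itself, Linux normally delivers traffic to the host's own address over the loopback interface. These probes may therefore still bypass the public-port rules added in mirror.yaml, which is worth checking against the iptables role that is not visible here. The sketch shows the first two changes for test_base_mirror; the guard applies equally to the other tests.

```python
def test_base_mirror(host):
    # BaseMirror
    addrs = host.addr(host.backend.host).ip_addresses
    # An empty list would let the loop pass without probing anything.
    assert addrs
    for addr in addrs:
        # IPv6 literals have to be bracketed inside a URL.
        target = "[%s]" % addr if ":" in addr else addr
        cmd = host.run(
            "wget --no-check-certificate -qO- https://%s/" % target)
        # … unchanged: stdout assertion, then the http probe using target …
```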