Add API tests for ssl cert feature

This patch adds API tests for validating the shared ssl implementation. Change-Id: I81e1a4713dfeda81b361d34334e4e81ab8d2415c Tests: blueprint shared-ssl
2015-03-02 12:09:54 -05:00 · 2015-03-02 12:09:54 -05:00 · 48a82ce13d
commit 48a82ce13d
parent cfd1b82e19
10 changed files with 382 additions and 8 deletions
--- a/tests/api/base.py
+++ b/tests/api/base.py
@ -13,6 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+import random
+import string
 import uuid

 from cafe.drivers.unittest import fixtures
@ -74,6 +76,14 @@ class TestBase(fixtures.BaseTestFixture):
                serialize_format='json',
                deserialize_format='json')

+    def generate_random_string(self, prefix='API-Tests', length=12):
+        """Generates a random string of given prefix & length"""
+        random_string = ''.join(random.choice(
+            string.ascii_uppercase + string.ascii_uppercase + string.digits)
+            for _ in range(length))
+        random_string = prefix + random_string
+        return random_string
+
    def assertSchema(self, response_json, expected_schema):
        """Verify response schema aligns with the expected schema."""
        try:
--- a/tests/api/services/data_create_service_negative.json
+++ b/tests/api/services/data_create_service_negative.json
@ -288,6 +288,73 @@
                                     "request_url" : "/index.htm"}]}],
        "restrictions_list": [{}]
    },
+    "http_domain_with_certificate": {
+        "service_name": "my_service_name",
+        "domain_list": [{"domain": "mywebsite.com",
+                         "protocol": "http",
+                         "certificate": "shared"},
+                        {"domain": "blog.mywebsite.com", "protocol": "http"}],
+        "origin_list": [{"origin": "mywebsite1.com",
+                         "port": 80,
+                         "ssl": false}],
+        "caching_list": [{"name": "default", "ttl": 3600},
+                         {"name": "home",
+                          "ttl": 3600,
+                          "rules": [{"name" : "index",
+                                     "request_url" : "/index.htm"}]}],
+        "restrictions_list": [{}]
+    },
+    "https_domain_with_no_certificate": {
+        "service_name": "my_service_name",
+        "domain_list": [{"domain": "mywebsite.com",
+                         "protocol": "https"},
+                        {"domain": "blog.mywebsite.com", "protocol": "http"}],
+        "origin_list": [{"origin": "mywebsite1.com",
+                         "port": 443,
+                         "ssl": false}],
+        "caching_list": [{"name": "default", "ttl": 3600},
+                         {"name": "home",
+                          "ttl": 3600,
+                          "rules": [{"name" : "index",
+                                     "request_url" : "/index.htm"}]}],
+        "restrictions_list": [{}]
+    },
+    "https_domain_with_invalid_certificate": {
+        "service_name": "my_service_name",
+        "domain_list": [{"domain": "mywebsite.com",
+                         "protocol": "https",
+                         "certificate": "whatacert"},
+                        {"domain": "blog.mywebsite.com", "protocol": "http"}],
+        "origin_list": [{"origin": "mywebsite1.com",
+                         "port": 443,
+                         "ssl": false}],
+        "caching_list": [{"name": "default", "ttl": 3600},
+                         {"name": "home",
+                          "ttl": 3600,
+                          "rules": [{"name" : "index",
+                                     "request_url" : "/index.htm"}]}],
+        "restrictions_list": [{}]
+    },
+    "shared_ssl_multi_word_domain": {
+        "service_name": "domain_shared_ssl",
+        "domain_list": [{"domain": "sharedsslwebsite.com",
+                         "protocol": "https",
+                         "certificate": "shared"},
+                        {"domain": "website.com", "protocol": "http"}],
+        "origin_list": [{"origin": "mywebsite1.com",
+                         "port": 80,
+                         "ssl": false}],
+        "caching_list": [{"name": "default", "ttl": 3600},
+                         {"name": "home",
+                          "ttl": 1200,
+                          "rules": [{"name" : "index",
+                                     "request_url" : "/index.htm"}]}],
+         "restrictions_list": [
+                        {"name": "test",
+                        "rules": [{"name": "only me",
+                        "referrer": "www.mywebsite.com"}]}
+        ]
+    },
    "restrictions_no_rules": {
        "service_name": "my_service_name",
        "domain_list": [{"domain": "mywebsite.com", "protocol": "http"},
@ -364,5 +431,125 @@
                          "rules": [{"name" : "index",
                                     "request_url" : "/index.htm"}]}],
        "restrictions_list": []
+    },
+    "domain_shared_ssl_non_https": {
+        "service_name": "domain_shared_ssl",
+        "domain_list": [{"domain": "sharedsslwebsite",
+                         "protocol": "http",
+                         "certificate": "shared"},
+                        {"domain": "website.com", "protocol": "http"}],
+        "origin_list": [{"origin": "mywebsite1.com",
+                         "port": 80,
+                         "ssl": false}],
+        "caching_list": [{"name": "default", "ttl": 3600},
+                         {"name": "home",
+                          "ttl": 1200,
+                          "rules": [{"name" : "index",
+                                     "request_url" : "/index.htm"}]}],
+         "restrictions_list": [
+                        {"name": "test",
+                        "rules": [{"name": "only me",
+                        "referrer": "www.mywebsite.com"}]}
+        ]
+    },
+    "multi_word_domain_shared_ssl": {
+        "service_name": "multi_word_domain_shared_ssl",
+        "domain_list": [{"domain": "sharedssl.website",
+                         "protocol": "https",
+                         "certificate": "shared"},
+                        {"domain": "website.com", "protocol": "http"}],
+        "origin_list": [{"origin": "mywebsite1.com",
+                         "port": 80,
+                         "ssl": false}],
+        "caching_list": [{"name": "default", "ttl": 3600},
+                         {"name": "home",
+                          "ttl": 1200,
+                          "rules": [{"name" : "index",
+                                     "request_url" : "/index.htm"}]}],
+         "restrictions_list": [
+                        {"name": "test",
+                        "rules": [{"name": "only me",
+                        "referrer": "www.mywebsite.com"}]}
+        ]
+    },
+    "domain_san_ssl_non_https": {
+        "service_name": "domain_shared_ssl",
+        "domain_list": [{"domain": "sansslwebsite",
+                         "protocol": "http",
+                         "certificate": "san"},
+                        {"domain": "website.com", "protocol": "http"}],
+        "origin_list": [{"origin": "mywebsite1.com",
+                         "port": 80,
+                         "ssl": false}],
+        "caching_list": [{"name": "default", "ttl": 3600},
+                         {"name": "home",
+                          "ttl": 1200,
+                          "rules": [{"name" : "index",
+                                     "request_url" : "/index.htm"}]}],
+         "restrictions_list": [
+                        {"name": "test",
+                        "rules": [{"name": "only me",
+                        "referrer": "www.mywebsite.com"}]}
+        ]
+    },
+    "domain_custom_ssl_non_https": {
+        "service_name": "domain_custom_ssl",
+        "domain_list": [{"domain": "customsslwebsite",
+                         "protocol": "http",
+                         "certificate": "custom"},
+                        {"domain": "website.com", "protocol": "http"}],
+        "origin_list": [{"origin": "mywebsite1.com",
+                         "port": 80,
+                         "ssl": false}],
+        "caching_list": [{"name": "default", "ttl": 3600},
+                         {"name": "home",
+                          "ttl": 1200,
+                          "rules": [{"name" : "index",
+                                     "request_url" : "/index.htm"}]}],
+         "restrictions_list": [
+                        {"name": "test",
+                        "rules": [{"name": "only me",
+                        "referrer": "www.mywebsite.com"}]}
+        ]
+    },
+    "domain_shared_ssl_non_https_origin": {
+        "service_name": "domain_shared_ssl",
+        "domain_list": [{"domain": "sharedsslwebsite",
+                         "protocol": "https",
+                         "certificate": "shared"}],
+        "origin_list": [{"origin": "mywebsite1.com",
+                         "port": 80,
+                         "ssl": false}],
+        "caching_list": [{"name": "default", "ttl": 3600},
+                         {"name": "home",
+                          "ttl": 1200,
+                          "rules": [{"name" : "index",
+                                     "request_url" : "/index.htm"}]}],
+         "restrictions_list": [
+                        {"name": "test",
+                        "rules": [{"name": "only me",
+                        "referrer": "www.mywebsite.com"}]}
+        ]
+    },
+    "multi_domain_non-ssl_ssl": {
+        "service_name": "domain_shared_ssl",
+        "domain_list": [{"domain": "sharedsslwebsite",
+                         "protocol": "https",
+                         "certificate": "shared"},
+                        {"domain": "httpwebsite"}],
+        "origin_list": [{"origin": "mywebsite1.com",
+                         "port": 443,
+                         "ssl": true}],
+        "caching_list": [{"name": "default", "ttl": 3600},
+                         {"name": "home",
+                          "ttl": 1200,
+                          "rules": [{"name" : "index",
+                                     "request_url" : "/index.htm"}]}],
+         "restrictions_list": [
+                        {"name": "test",
+                        "rules": [{"name": "only me",
+                        "referrer": "www.mywebsite.com",
+                        "request_url" : "/index.htm"}]}
+        ]
    }
 }
--- a/tests/api/services/data_create_service_ssl_domain.json
+++ b/tests/api/services/data_create_service_ssl_domain.json
@ -0,0 +1,25 @@
+{
+    "domain_shared_ssl": {
+        "name": "domain_shared_ssl",
+        "domain_list": [{"domain": "sharedsslwebsite",
+                         "protocol": "https",
+                         "certificate": "shared"}
+                        ],
+        "origin_list": [{"origin": "mywebsite1.com",
+                         "port": 443,
+                         "ssl": true,
+                         "rules": [{ "name" : "default", "request_url" : "/*"}]
+                         }],
+        "caching_list": [{"name": "default", "ttl": 3600},
+                         {"name": "home",
+                          "ttl": 1200,
+                          "rules": [{"name" : "index",
+                                     "request_url" : "/index.htm"}]}],
+         "restrictions_list": [
+                        {"name": "test",
+                        "rules": [{"name": "only me",
+                        "referrer": "www.mywebsite.com",
+                        "request_url": "/click_me"}]}
+        ]
+    }
+}
--- a/tests/api/services/data_create_service_ssl_domain_not_implemented.json
+++ b/tests/api/services/data_create_service_ssl_domain_not_implemented.json
@ -0,0 +1,60 @@
+{
+    "domain_san_ssl": {
+        "name": "domain_san_ssl",
+        "domain_list": [{"domain": "sansslwebsite.com",
+                         "protocol": "https",
+                         "certificate": "san"}],
+        "origin_list": [{"origin": "mywebsite1.com",
+                         "port": 443,
+                         "ssl": true}],
+        "caching_list": [{"name": "default", "ttl": 3600},
+                         {"name": "home",
+                          "ttl": 1200,
+                          "rules": [{"name" : "index",
+                                     "request_url" : "/index.htm"}]}],
+         "restrictions_list": [
+                        {"name": "test",
+                        "rules": [{"name": "only me",
+                        "referrer": "www.mywebsite.com"}]}
+        ]
+    },
+    "domain_custom_ssl": {
+        "name": "domain_san_ssl",
+        "domain_list": [{"domain": "customsslwebsite.com",
+                         "protocol": "https",
+                         "certificate": "custom"}],
+        "origin_list": [{"origin": "mywebsite1.com",
+                         "port": 443,
+                         "ssl": true}],
+        "caching_list": [{"name": "default", "ttl": 3600},
+                         {"name": "home",
+                          "ttl": 1200,
+                          "rules": [{"name" : "index",
+                                     "request_url" : "/index.htm"}]}],
+         "restrictions_list": [
+                        {"name": "test",
+                        "rules": [{"name": "only me",
+                        "referrer": "www.mywebsite.com"}]}
+        ]
+    },
+    "domain_shared_ssl": {
+        "name": "domain_shared_ssl",
+        "domain_list": [{"domain": "sharedsslwebsite",
+                         "protocol": "https",
+                         "certificate": "shared"}
+                        ],
+        "origin_list": [{"origin": "mywebsite1.com",
+                         "port": 443,
+                         "ssl": true}],
+        "caching_list": [{"name": "default", "ttl": 3600},
+                         {"name": "home",
+                          "ttl": 1200,
+                          "rules": [{"name" : "index",
+                                     "request_url" : "/index.htm"}]}],
+         "restrictions_list": [
+                        {"name": "test",
+                        "rules": [{"name": "only me",
+                        "referrer": "www.mywebsite.com"}]}
+        ]
+    }
+}
--- a/tests/api/services/data_patch_service.json
+++ b/tests/api/services/data_patch_service.json
@ -216,5 +216,16 @@
         "path": "/log_delivery/enabled",
         "value": false}
    ],
+   "add_ssl_domain_origin": [
+        {
+         "op": "replace",
+         "path": "/domains/0",
+         "value": {"domain": "replaceme.com", "protocol": "https",
+                   "certificate": "shared"}},
+        {"op": "replace",
+         "path": "/origins/0",
+         "value": {"origin": "1.1.1.1", "port": 443, "ssl": true,
+         "rules": [{"name" : "origin", "request_url" : "/origin2.htm"}]}}
+    ],
    "empty_list": []
 }
--- a/tests/api/services/data_patch_service_negative.json
+++ b/tests/api/services/data_patch_service_negative.json
@ -166,5 +166,12 @@
        {"op": "replace",
         "path": "/log_delivery/enabled",
         "value": "not a boolean"}
+    ],
+   "add_ssl_domain": [
+        {
+         "op": "add",
+         "path": "/domains/-",
+         "value": {"domain": "replaceme.com", "protocol": "https",
+                   "certificate": "shared"}}
    ]
 }
--- a/tests/api/services/test_services.py
+++ b/tests/api/services/test_services.py
@ -114,6 +114,46 @@ class TestCreateService(providers.TestProviderBase):
                    msg='Caching List Not Correct for {0} service name {1}'.
                        format(provider, self.service_name))

+    @attrib.attr('smoke')
+    @ddt.file_data('data_create_service_ssl_domain.json')
+    def test_create_service_ssl_domain_positive(self, test_data):
+        if self.test_config.run_ssl_tests is False:
+            self.skipTest(
+                'SSL tests are currently disabled in configuration')
+
+        domain_list = test_data['domain_list']
+        for item in domain_list:
+            item['domain'] = str(uuid.uuid1())
+        origin_list = test_data['origin_list']
+        caching_list = test_data['caching_list']
+        flavor_id = self.flavor_id
+
+        resp = self.client.create_service(service_name=self.service_name,
+                                          domain_list=domain_list,
+                                          origin_list=origin_list,
+                                          caching_list=caching_list,
+                                          flavor_id=flavor_id)
+        self.assertEqual(resp.status_code, 202)
+        self.assertEqual(resp.text, '')
+        self.service_url = resp.headers['location']
+
+        resp = self.client.get_service(location=self.service_url)
+        self.assertEqual(resp.status_code, 200)
+
+        self.client.wait_for_service_status(
+            location=self.service_url,
+            status='deployed',
+            abort_on_status='failed',
+            retry_interval=self.test_config.status_check_retry_interval,
+            retry_timeout=self.test_config.status_check_retry_timeout)
+
+        resp = self.client.get_service(location=self.service_url)
+        self.assertEqual(resp.status_code, 200)
+
+        body = resp.json()
+        status = body['status']
+        self.assertEqual(status, 'deployed')
+
    @attrib.attr('smoke')
    @ddt.file_data('data_create_service_negative.json')
    def test_create_service_negative(self, test_data):
@ -600,13 +640,26 @@ class TestServicePatch(base.TestBase):
                         sorted(expected_response['origins']))
        self.assertEqual(sorted(actual_response['caching']),
                         sorted(expected_response['caching']))
-        self.assertEqual(sorted(actual_response['domains']),
-                         sorted(expected_response['domains']))
        self.assertEqual(sorted(actual_response['restrictions']),
                         sorted(expected_response['restrictions']))
        self.assertEqual(actual_response['flavor_id'],
                         expected_response['flavor_id'])

+        for item in actual_response['domains']:
+            if (('certificate' in item) and
+                    (item['certificate'] == 'shared')):
+                item['domain'] = item['domain'].split('.')[0]
+            self.assertEqual(sorted(actual_response['domains']),
+                             sorted(expected_response['domains']))
+
+    def _replace_domain(self, domain):
+        if ('protocol' in domain):
+            if domain['protocol'] == 'https':
+                if (domain['certificate'] == u'shared'):
+                    return str(uuid.uuid1())
+
+        return str(uuid.uuid1()) + '.com'
+
    @ddt.file_data('data_patch_service.json')
    def test_patch_service(self, test_data):

@ -616,9 +669,11 @@ class TestServicePatch(base.TestBase):

            if ('domain' in item['path']) and ('value' in item):
                if isinstance(item['value'], (list)):
-                    item['value'][0]['domain'] = str(uuid.uuid1()) + '.com'
+                    item['value'][0]['domain'] = self._replace_domain(
+                        domain=item['value'][0])
                else:
-                    item['value']['domain'] = str(uuid.uuid1()) + '.com'
+                    item['value']['domain'] = self._replace_domain(
+                        domain=item['value'])

        patch = jsonpatch.JsonPatch(test_data)
        expected_service_details = patch.apply(self.original_service_details)
--- a/tests/api/utils/config.py
+++ b/tests/api/utils/config.py
@ -72,6 +72,11 @@ class TestConfig(data_interfaces.ConfigSectionInterface):
        """Flag to indicate if project_id should be present in the url."""
        return self.get_boolean('project_id_in_url')

+    @property
+    def run_ssl_tests(self):
+        """Flag to indicate if positive tests for SSL cert should run."""
+        return self.get_boolean('run_ssl_tests')
+

 class AuthConfig(data_interfaces.ConfigSectionInterface):
    """Defines the auth config values."""
--- a/tests/api/utils/schema/services.py
+++ b/tests/api/utils/schema/services.py
@ -17,8 +17,21 @@
 domain = {
    'type': 'object',
    'properties': {
-        'domain': {'type': 'string', 'format': 'uri'}},
-    'required': ['domain']
+        'domain': {'type': 'string', 'format': 'uri'},
+        'protocol': {'type': 'string', 'enum': ['http']}},
+    'required': ['domain'],
+    'additionalProperties': False
+}
+
+domain_https = {
+    'type': 'object',
+    'properties': {
+        'domain': {'type': 'string', 'format': 'uri'},
+        'protocol': {'type': 'string', 'enum': ['https']},
+        'certificate':
+            {'type': 'string', 'enum': ['shared', 'san', 'custom']}},
+    'required': ['domain', 'protocol', 'certificate'],
+    'additionalProperties': False
 }

 origin = {
@ -32,7 +45,7 @@ origin = {
        'ssl': {'type': 'boolean'},
        'rules': {'type': 'array'}},
    'required': ['origin', 'port', 'ssl'],
-    'additionalProperties': False,
+    'additionalProperties': False
 }

 cache = {'type': 'object',
@ -70,7 +83,7 @@ get_service = {
        'id': service_id,
        'name': service_name,
        'domains': {'type': 'array',
-                    'items': domain,
+                    'items': {'anyOf': [domain, domain_https]},
                    'minItems': 1
                    },
        'origins': {'type': 'array',
--- a/tests/etc/api.conf
+++ b/tests/etc/api.conf
@ -24,6 +24,7 @@ generate_flavors=False
 default_flavor=standard
 generated_provider=fastly
 project_id_in_url=False
+run_ssl_tests=False

 [provider_1]
 api_key=INSERT_YOUR_API_KEY