tests(refactor): Improve consistency and documentation for test helpers (#3012)

Georg Lauterbach 2023-01-22 00:05:28 +01:00 committed by GitHub
parent fb82082cf1
commit e3c4ef76c6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
32 changed files with 936 additions and 656 deletions


@ -27,7 +27,7 @@ function setup_file() {
# Only interferes (potential test failure) with `assert_output` not `assert_success`?
docker pull drwetter/testssl.sh:3.1dev
# Only used in `should_support_expected_cipherlists()` to set a storage location for `testssl.sh` JSON output:
# Only used in `_should_support_expected_cipherlists()` to set a storage location for `testssl.sh` JSON output:
# `${BATS_TMPDIR}` maps to `/tmp`: https://bats-core.readthedocs.io/en/v1.8.2/writing-tests.html#special-variables
export TLS_RESULTS_DIR="${BATS_TMPDIR}/results"
}
@ -39,38 +39,38 @@ function teardown_file() {
function teardown() { _default_teardown ; }
@test "'TLS_LEVEL=intermediate' + RSA" {
configure_and_run_dms_container 'intermediate' 'rsa'
should_support_expected_cipherlists
_configure_and_run_dms_container 'intermediate' 'rsa'
_should_support_expected_cipherlists
}
@test "'TLS_LEVEL=intermediate' + ECDSA" {
configure_and_run_dms_container 'intermediate' 'ecdsa'
should_support_expected_cipherlists
_configure_and_run_dms_container 'intermediate' 'ecdsa'
_should_support_expected_cipherlists
}
# Only ECDSA with an RSA fallback is tested.
# There isn't a situation where RSA with an ECDSA fallback would make sense.
@test "'TLS_LEVEL=intermediate' + ECDSA with RSA fallback" {
configure_and_run_dms_container 'intermediate' 'ecdsa' 'rsa'
should_support_expected_cipherlists
_configure_and_run_dms_container 'intermediate' 'ecdsa' 'rsa'
_should_support_expected_cipherlists
}
@test "'TLS_LEVEL=modern' + RSA" {
configure_and_run_dms_container 'modern' 'rsa'
should_support_expected_cipherlists
_configure_and_run_dms_container 'modern' 'rsa'
_should_support_expected_cipherlists
}
@test "'TLS_LEVEL=modern' + ECDSA" {
configure_and_run_dms_container 'modern' 'ecdsa'
should_support_expected_cipherlists
_configure_and_run_dms_container 'modern' 'ecdsa'
_should_support_expected_cipherlists
}
@test "'TLS_LEVEL=modern' + ECDSA with RSA fallback" {
configure_and_run_dms_container 'modern' 'ecdsa' 'rsa'
should_support_expected_cipherlists
_configure_and_run_dms_container 'modern' 'ecdsa' 'rsa'
_should_support_expected_cipherlists
}
function configure_and_run_dms_container() {
function _configure_and_run_dms_container() {
local TLS_LEVEL=$1
local KEY_TYPE=$2
local ALT_KEY_TYPE=$3 # Optional parameter
@ -106,23 +106,23 @@ function configure_and_run_dms_container() {
)
fi
init_with_defaults
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
_init_with_defaults
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_wait_for_smtp_port_in_container
}
function should_support_expected_cipherlists() {
function _should_support_expected_cipherlists() {
# Make a directory with test user ownership. Avoids Docker creating this with root ownership.
# TODO: Can switch to filename prefix for JSON output when this is resolved: https://github.com/drwetter/testssl.sh/issues/1845
local RESULTS_PATH="${TLS_RESULTS_DIR}/${TEST_VARIANT}"
mkdir -p "${RESULTS_PATH}"
collect_cipherlists
verify_cipherlists
_collect_cipherlists
_verify_cipherlists
}
# Verify that the collected results match our expected cipherlists:
function verify_cipherlists() {
function _verify_cipherlists() {
# SMTP: Opportunistic STARTTLS Explicit(25)
# Needs to test against cipher lists specific to Port 25 ('_p25' parameter)
check_cipherlists "${RESULTS_PATH}/port_25.json" '_p25'
@ -141,7 +141,7 @@ function verify_cipherlists() {
}
# Using `testssl.sh` we can test each port to collect a list of supported cipher suites (ordered):
function collect_cipherlists() {
function _collect_cipherlists() {
# NOTE: An rDNS query for the container IP will resolve to `<container name>.<network name>.`
# For non-CI test runs, instead of removing prior test files after this test suite completes,
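Review bot: `_wait_for_smtp_port_in_container` at the end of `_configure_and_run_dms_container` no longer receives `"${CONTAINER_NAME}"`, so the container it waits on is now selected by state this section does not show (presumably the `CONTAINER_NAME` variable set earlier in the function). Because every test case here starts its own TLS variant, a one-line comment above the call such as `# Waits on ${CONTAINER_NAME}, which must already be set for this variant` would make that dependency explicit and make it harder to scan the wrong container unnoticed. A similar hidden dependency exists in `_verify_cipherlists`, which reads `RESULTS_PATH` although it is declared `local` in `_should_support_expected_cipherlists` and is only visible through Bash's dynamic scoping; a header comment saying it must be called from that function would document this. Both function bodies continue outside the visible hunks.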


@ -14,7 +14,7 @@ function teardown() { _default_teardown ; }
# Similar to BATS `setup()` method, but invoked manually after
# CONTAINER_NAME has been adjusted for the running testcase.
function _initial_setup() {
init_with_defaults
_init_with_defaults
# Prepare certificates in the letsencrypt supported file structure:
# NOTE: Certbot uses `privkey.pem`.
@ -41,7 +41,7 @@ function _initial_setup() {
--env PERMIT_DOCKER='container'
--env SSL_TYPE='letsencrypt'
)
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
# Test that certificate files exist for the configured `hostname`:
_should_have_valid_config "${TARGET_DOMAIN}" 'privkey.pem' 'fullchain.pem'
@ -61,7 +61,7 @@ function _initial_setup() {
--env PERMIT_DOCKER='container'
--env SSL_TYPE='letsencrypt'
)
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
#test domain has certificate files
_should_have_valid_config "${TARGET_DOMAIN}" 'privkey.pem' 'fullchain.pem'
@ -102,8 +102,8 @@ function _initial_setup() {
--env SSL_DOMAIN='*.example.test'
--env SSL_TYPE='letsencrypt'
)
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
wait_for_service "${CONTAINER_NAME}" 'changedetector'
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_wait_for_service 'changedetector'
}
# Test `acme.json` extraction works at container startup:
@ -180,7 +180,7 @@ function _should_have_valid_config() {
# CMD ${1} run in container with output checked to match value of ${2}:
function _has_matching_line() {
_run_in_container bash -c "${1} | grep '${2}'"
_run_in_container_bash "${1} | grep '${2}'"
assert_output "${2}"
}
@ -207,7 +207,7 @@ function _should_extract_on_changes() {
local ACME_JSON=${2}
cp "${ACME_JSON}" "${TEST_TMP_CONFIG}/letsencrypt/acme.json"
wait_until_change_detection_event_completes "${CONTAINER_NAME}"
_wait_until_change_detection_event_completes
# Expected log lines from the changedetector service:
run _get_logs_since_last_change_detection "${CONTAINER_NAME}"
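Review bot: In `_has_matching_line`, the new call `_run_in_container_bash "${1} | grep '${2}'"` still splices both arguments into a single shell string, so a `${2}` containing a single quote would end the quoting and be parsed as shell inside the container, and regex metacharacters such as the `.` in a hostname match more than the literal text. The callers are not visible here; if they only pass fixed test strings this is a hardening point, and `_run_in_container_bash "${1} | grep -F -- '${2}'"` would at least make the match literal so the following `assert_output "${2}"` checks what it appears to check. A short comment on the function stating that both arguments must be trusted, quote-free literals would document the remaining constraint. Separately, `run _get_logs_since_last_change_detection "${CONTAINER_NAME}"` in the last hunk still passes the container name while the other helpers dropped it, so it is worth confirming that this is intended.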


@ -30,10 +30,10 @@ function setup_file() {
--env SSL_ALT_CERT_PATH="${SSL_ALT_CERT_PATH}"
)
init_with_defaults
# Override the default set in `common_container_setup`:
_init_with_defaults
# Override the default set in `_common_container_setup`:
export TEST_FQDN="mail.${TEST_DOMAIN}"
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
}
function teardown_file() { _default_teardown ; }
@ -90,7 +90,7 @@ function teardown_file() { _default_teardown ; }
}
@test "manual cert works correctly" {
wait_for_tcp_port_in_container 587 "${CONTAINER_NAME}"
_wait_for_tcp_port_in_container 587
local TEST_COMMAND=(timeout 1 openssl s_client -connect mail.example.test:587 -starttls smtp)
local RESULT