Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add basic TLS common tests #72

Merged
merged 11 commits into from
Nov 19, 2024
Merged

Add basic TLS common tests #72

merged 11 commits into from
Nov 19, 2024

Conversation

bjosv
Copy link
Collaborator

@bjosv bjosv commented Nov 13, 2024

Start a cluster with TLS and verify that ered can communicate with the cluster,
and verify the behavior when using an expired client certificate.

Some tests require the tool faketime to modify the system time,
but tests are skipped if the tool is not available in PATH.

@bjosv
Add basic TLS common tests
3d59c3f 
Start a cluster with TLS and verify that ered can communicate
with the cluster, and verify the behavior when using an expired
client certificate.
Some tests require the tool `faketime` to modify the system time,
but tests are skipped if the tool is not available in PATH.

https://manpages.ubuntu.com/manpages/trusty/man1/faketime.1.html
@bjosv
Update OTP versions in CI and remove OTP 24
ae16538
zuiderkwast
zuiderkwast reviewed Nov 18, 2024
View reviewed changes
Copy link
Collaborator

@zuiderkwast zuiderkwast left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Skimmed though it. Looks good. We could do something to avoid the duplicated helper code, if you want.

test/ered_tls_SUITE.erl Outdated Show resolved Hide resolved
test/ered_tls_SUITE.erl Outdated Show resolved Hide resolved
test/ered_tls_SUITE.erl Outdated Show resolved Hide resolved
test/ered_tls_SUITE.erl Outdated Show resolved Hide resolved
test/ered_tls_SUITE.erl Show resolved Hide resolved
zuiderkwast
zuiderkwast approved these changes Nov 18, 2024
View reviewed changes
Copy link
Collaborator

@zuiderkwast zuiderkwast left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! TLS tests are good to have.

Just a question about the tls directory. Do we want it to created by the test in the current directory? I can't see any problem with that right now, so guess it's fine.

test/ered_tls_SUITE.erl
end.

generate_tls_certs() ->
filelib:ensure_path("tls/"),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This requires that the current directory is something specific? At least, the test needs write permissions in the current directory to create the tls directory and the certs.

The test doesn't delete the certs afterwards, right? Will openssl overwrite the files if we run the test again?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When using rebar3, as we do in CI and probably most users, the current directory path is set by the common test runner.
The tls files are placed like:
<ered repo>/_build/test/logs/[email protected]_15.42.48/tls/client.crt

These files are not overwritten since rebar3 creates a new directory for each run, which might be good when reproducing an issue.

@bjosv bjosv merged commit 4caafcc into Ericsson:main Nov 19, 2024
10 checks passed
@bjosv bjosv deleted the add-tls-tests branch November 19, 2024 09:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zuiderkwast zuiderkwast zuiderkwast approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bjosv @zuiderkwast