tls: Refactor the ssl socket test #5402
Signed-off-by: Vadim Eisenberg <vadime@il.ibm.com>
to match the order in the original call to testUtilV2() Signed-off-by: Vadim Eisenberg <vadime@il.ibm.com>
This reverts commit 53bbe1e. Signed-off-by: Vadim Eisenberg <vadime@il.ibm.com>
This reverts commit 05f85c5. Signed-off-by: Vadim Eisenberg <vadime@il.ibm.com>
This reverts commit c43b76f. Signed-off-by: Vadim Eisenberg <vadime@il.ibm.com>
This reverts commit cc9a9c5. Signed-off-by: Vadim Eisenberg <vadime@il.ibm.com>
This reverts commit 9ccec68. Signed-off-by: Vadim Eisenberg <vadime@il.ibm.com>
….exit"" This reverts commit 2090ae3. Signed-off-by: Vadim Eisenberg <vadime@il.ibm.com>
This reverts commit c43b76f. Signed-off-by: Vadim Eisenberg <vadime@il.ibm.com>
This reverts commit f02bdb8. Signed-off-by: Vadim Eisenberg <vadime@il.ibm.com>
This reverts commit bcbbe9d. Signed-off-by: Vadim Eisenberg <vadime@il.ibm.com>
This reverts commit 334c2c0. Signed-off-by: Vadim Eisenberg <vadime@il.ibm.com>
This reverts commit 53bbe1e. Signed-off-by: Vadim Eisenberg <vadime@il.ibm.com>
This reverts commit 05f85c5. Signed-off-by: Vadim Eisenberg <vadime@il.ibm.com>
…ilOptionsV2) Signed-off-by: Vadim Eisenberg <vadime@il.ibm.com>
…lOptionsV2) remove the other version of testUtilV2, leave the version with options only Signed-off-by: Vadim Eisenberg <vadime@il.ibm.com>
@htuch Following your comment #4973 (comment)
htuch left a comment
Thanks @vadimeisenbergibm! This is a really nice cleanup!
test/common/ssl/ssl_socket_test.cc
Outdated
| : expected_server_stats_(expected_server_stats), expect_success_(expect_success), | ||
| version_(version) {} | ||
|
|
||
| void expectedClientCertURI(const std::string& expected_client_cert_uri) { |
Nit: can you prefix all these mutators with set, e.g. setExpectedClientCertUri? I think this will improve readability a bit.
test/common/ssl/ssl_socket_test.cc
Outdated
| : TestUtilOptionsBase(expected_server_stats, expect_success, version), | ||
| client_ctx_yaml_(client_ctx_yaml), server_ctx_yaml_(server_ctx_yaml) {} | ||
|
|
||
| const std::string& clientCtxYAML() const { return client_ctx_yaml_; } |
Nit: Envoy style is clientCtxtYaml.
test/common/ssl/ssl_socket_test.cc
Outdated
| } | ||
|
|
||
| const std::string& expectedClientCertURI() const { | ||
| return TestUtilOptionsBase::expectedClientCertURI(); |
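Review bot: the getter `expectedClientCertURI()` in the last two lines of this hunk only forwards to `TestUtilOptionsBase::expectedClientCertURI()`. If it exists because a same-named setter in this class hides the base overloads, `using TestUtilOptionsBase::expectedClientCertURI;` re-exposes the getter without a hand-written wrapper, and renaming the setter removes the need for it entirely.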
You need to implement this method if it's just the same as in the parent class.
@htuch I guess you mean "You need not to implement". Currently, it is needed because the setter version of expectedClientCertURI() overrides the version of the parent class, so all the versions of expectedClientCertURI() are not inherited and have to be implemented, as far as I understand it.
Anyway, I will rename the setter to be setExpectedClientCertUri(), so the getter will be inherited from the parent class.
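The name-hiding behaviour described in the comment above, as an added example that is not code from this PR. `OptionsBase`, `HidingOptions`, `UsingOptions`, `RenamedOptions`, `has_getter` and `chainedUri` are hypothetical names; the probe checks at compile time whether the zero-argument getter is still callable on each derived class.

```cpp
#include <iostream>
#include <string>
#include <type_traits>
#include <utility>

// Hypothetical stand-in for the options base class discussed in the thread.
struct OptionsBase {
  void setExpectedClientCertUri(const std::string& uri) { uri_ = uri; }
  const std::string& expectedClientCertUri() const { return uri_; }
  std::string uri_;
};

// Setter reuses the getter's name: this declaration hides the base getter.
struct HidingOptions : OptionsBase {
  HidingOptions& expectedClientCertUri(const std::string& uri) {
    setExpectedClientCertUri(uri);
    return *this;
  }
};
// Same setter, but a using-declaration makes the base getter visible again.
struct UsingOptions : OptionsBase {
  using OptionsBase::expectedClientCertUri;
  UsingOptions& expectedClientCertUri(const std::string& uri) {
    setExpectedClientCertUri(uri);
    return *this;
  }
};
// Setter renamed with a "set" prefix: the getter is inherited untouched.
struct RenamedOptions : OptionsBase {
  RenamedOptions& setExpectedClientCertUri(const std::string& uri) {
    OptionsBase::setExpectedClientCertUri(uri);
    return *this;
  }
};

// Compile-time probe: can T's zero-argument getter be called on a const object?
template <class...> struct make_void { using type = void; };
template <class T, class = void> struct has_getter : std::false_type {};
template <class T>
struct has_getter<T, typename make_void<decltype(
    std::declval<const T&>().expectedClientCertUri())>::type> : std::true_type {};
static_assert(!has_getter<HidingOptions>::value, "same-named setter hides the getter");
static_assert(has_getter<UsingOptions>::value, "using-declaration restores it");
static_assert(has_getter<RenamedOptions>::value, "renamed setter leaves it inherited");

std::string chainedUri() {
  RenamedOptions options;
  return options.setExpectedClientCertUri("spiffe://lyft.com/test-team").expectedClientCertUri();
}
int main() { std::cout << chainedUri() << "\n"; }
```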
| } | ||
|
|
||
| TestUtilOptions& expectedDigest(const std::string& expected_digest) { | ||
| expected_digest_ = expected_digest; |
Nit: as above, setExpectedDigest() etc.
test/common/ssl/ssl_socket_test.cc
Outdated
| // The SAN field only has DNS, expect "" for uriSanPeerCertificate(). | ||
| testUtil(client_ctx_yaml, server_ctx_yaml, "", "", "", TEST_SAN_DNS_CERT_SERIAL, "", "", "", | ||
| "ssl.handshake", true, GetParam()); | ||
| TestUtilOptions test_options(client_ctx_yaml, server_ctx_yaml, "ssl.handshake", true, GetParam()); |
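Review bot: the `testUtil(...)` call in this hunk passes `TEST_SAN_DNS_CERT_SERIAL` as a positional expectation, while the `TestUtilOptions test_options(...)` line takes only the two contexts, `"ssl.handshake"`, `true` and `GetParam()`. Make sure the serial-number expectation is set on `test_options` before it is used: once the empty-string arguments are gone, a dropped non-empty one causes no compile error, the test simply asserts less.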
There's still 5 params here, which is getting a little long, could some of these be switched to the builder pattern, or are they all compulsory?
@htuch I can switch all the parameters to be set by setters, however it will produce longer code at the call sites. How about leaving four parameters in the constructor, for TestUtilOptions and TestUtilOptionsV2? It will be client ctx, server ctx, expected_success and version. "ssl.handshake" can be set by default for client and server stats.
it is inherited from the base class Signed-off-by: Vadim Eisenberg <vadime@il.ibm.com>
…ificate Signed-off-by: Vadim Eisenberg <vadime@il.ibm.com>
@htuch I have applied your comments. asan seems to fail on an unrelated test.
🔨 rebuilding
htuch left a comment
Thanks, this is a really nice cleanup!
| if (expect_success) { | ||
| setExpectedServerStats("ssl.handshake"); | ||
| } else { | ||
| setExpectedServerStats("ssl.fail_verify_error"); |
I know this is merged already, but... why is this the default in case of failure instead of ssl.connection_error?
Because for testUtil this is the server stats in all the cases when expect_success is false, and for testUtilV2 it has the same number of cases as ssl.connection_error. If you think the default value is important, I can change it in a new PR.
| if (expect_success) { | ||
| setExpectedServerStats("ssl.handshake").setExpectedClientStats("ssl.handshake"); | ||
| } else { | ||
| setExpectedServerStats("ssl.fail_verify_error") |
|
|
||
| // Connection using defaults (client & server) succeeds. | ||
| testUtilV2(listener, client, "", true, "", "", "spiffe://lyft.com/test-team", "", "", | ||
| "ssl.sigalgs.rsa_pss_rsae_sha256", "ssl.sigalgs.ecdsa_secp256r1_sha256", GetParam(), |
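Review bot: the success branch at the top of this region defaults both expectations to `"ssl.handshake"`, while the `testUtilV2(...)` call at the end passes `"ssl.sigalgs.rsa_pss_rsae_sha256"` and `"ssl.sigalgs.ecdsa_secp256r1_sha256"`. The converted call needs explicit `setExpectedServerStats(...)` and `setExpectedClientStats(...)` with those values, otherwise the defaults take over and the test still passes while checking only the handshake counter.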
I know this is merged already, but... you removed the only thing that's tested here (ssl.sigalgs.* stats).
@PiotrSikora Oops, let me put it back in a separate PR, sorry.
@PiotrSikora Submitted an additional PR to fix it #5429. Good catch!
I will go over all the tests and recheck the stats. More comments are welcome.
Refactor the ssl socket test - use options objects instead of long parameter lists.
Risk Level: Zero risk
Testing: the test itself
Docs Changes: None
Signed-off-by: Vadim Eisenberg <vadime@il.ibm.com>
Signed-off-by: Fred Douglas <fredlas@google.com>
Description: Refactor the ssl socket test - use options objects instead of long parameter lists.
Risk Level: Zero risk
Testing: the test itself
Docs Changes: None
Release Notes: