tests/test_traefik.py

"""Test traefik configuration"""
import os
from unittest import mock

import pytoml as toml

from tljh import config
from tljh import traefik


def test_download_traefik(tmpdir):
    traefik_bin = tmpdir.mkdir("bin").join("traefik")
    traefik.ensure_traefik_binary(str(tmpdir))
    assert traefik_bin.exists()
    # ignore higher-order permission bits, only verify ugo permissions
    assert (traefik_bin.stat().mode & 0o777) == 0o755


def test_default_config(tmpdir, tljh_dir):
    state_dir = tmpdir.mkdir("state")
    with mock.patch(
        "tljh.configurer.generate_traefik_api_credentials"
    ) as generate_credentials:
        traefik.ensure_traefik_config(str(state_dir))
    assert state_dir.join("traefik.toml").exists()
    traefik_toml = os.path.join(state_dir, "traefik.toml")
    with open(traefik_toml) as f:
        toml_cfg = f.read()
        # print config for debugging on failure
        print(config.CONFIG_FILE)
        print(toml_cfg)
        cfg = toml.loads(toml_cfg)
    assert cfg["defaultEntryPoints"] == ["http"]
    assert len(cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"]) == 1
    # runtime generated entry, value not testable
    cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"] = [""]

    assert cfg["entryPoints"] == {
        "http": {"address": ":80"},
        "auth_api": {
            "address": "127.0.0.1:8099",
            "auth": {
                "basic": {"users": [""]}
            },
            "whiteList": {"sourceRange": ["127.0.0.1"]}
        },
    }


def test_letsencrypt_config(tljh_dir):
    state_dir = config.STATE_DIR
    config.set_config_value(config.CONFIG_FILE, "https.enabled", True)
    config.set_config_value(
        config.CONFIG_FILE, "https.letsencrypt.email", "fake@jupyter.org"
    )
    config.set_config_value(
        config.CONFIG_FILE, "https.letsencrypt.domains", ["testing.jovyan.org"]
    )
    with mock.patch(
        "tljh.configurer.generate_traefik_api_credentials"
    ) as generate_credentials:
        traefik.ensure_traefik_config(str(state_dir))
    traefik_toml = os.path.join(state_dir, "traefik.toml")
    with open(traefik_toml) as f:
        toml_cfg = f.read()
        # print config for debugging on failure
        print(config.CONFIG_FILE)
        print(toml_cfg)
        cfg = toml.loads(toml_cfg)
    assert cfg["defaultEntryPoints"] == ["http", "https"]
    assert "acme" in cfg
    assert len(cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"]) == 1
    # runtime generated entry, value not testable
    cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"] = [""]

    assert cfg["entryPoints"] == {
        "http": {"address": ":80", "redirect": {"entryPoint": "https"}},
        "https": {"address": ":443", "tls": {}},
        "auth_api": {
            "address": "127.0.0.1:8099",
            "auth": {
                "basic": {"users": [""]}
            },
            "whiteList": {"sourceRange": ["127.0.0.1"]}
        },
    }
    assert cfg["acme"] == {
        "email": "fake@jupyter.org",
        "storage": "acme.json",
        "entryPoint": "https",
        "httpChallenge": {"entryPoint": "http"},
        "domains": [{"main": "testing.jovyan.org"}],
    }


def test_manual_ssl_config(tljh_dir):
    state_dir = config.STATE_DIR
    config.set_config_value(config.CONFIG_FILE, "https.enabled", True)
    config.set_config_value(config.CONFIG_FILE, "https.tls.key", "/path/to/ssl.key")
    config.set_config_value(config.CONFIG_FILE, "https.tls.cert", "/path/to/ssl.cert")
    with mock.patch(
        "tljh.configurer.generate_traefik_api_credentials"
    ) as generate_credentials:
        traefik.ensure_traefik_config(str(state_dir))
    traefik_toml = os.path.join(state_dir, "traefik.toml")
    with open(traefik_toml) as f:
        toml_cfg = f.read()
        # print config for debugging on failure
        print(config.CONFIG_FILE)
        print(toml_cfg)
        cfg = toml.loads(toml_cfg)
    assert cfg["defaultEntryPoints"] == ["http", "https"]
    assert "acme" not in cfg
    assert len(cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"]) == 1
    # runtime generated entry, value not testable
    cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"] = [""]
    assert cfg["entryPoints"] == {
        "http": {"address": ":80", "redirect": {"entryPoint": "https"}},
        "https": {
            "address": ":443",
            "tls": {
                "certificates": [
                    {"certFile": "/path/to/ssl.cert", "keyFile": "/path/to/ssl.key"}
                ]
            },
        },
        "auth_api": {
            "address": "127.0.0.1:8099",
            "auth": {
                "basic": {"users": [""]}
            },
            "whiteList": {"sourceRange": ["127.0.0.1"]}
        },
    }
unittests for traefik 2018-08-01 17:06:52 +02:00			`"""Test traefik configuration"""`
			`import os`
Removed chp service 2019-02-18 15:08:53 +02:00			`from unittest import mock`
unittests for traefik 2018-08-01 17:06:52 +02:00
			`import pytoml as toml`

			`from tljh import config`
			`from tljh import traefik`


			`def test_download_traefik(tmpdir):`
			`traefik_bin = tmpdir.mkdir("bin").join("traefik")`
			`traefik.ensure_traefik_binary(str(tmpdir))`
			`assert traefik_bin.exists()`
limit traefik permission check to ugo ignores possible sticky bits, etc. 2018-08-03 16:11:49 +02:00			`# ignore higher-order permission bits, only verify ugo permissions`
			`assert (traefik_bin.stat().mode & 0o777) == 0o755`
unittests for traefik 2018-08-01 17:06:52 +02:00

			`def test_default_config(tmpdir, tljh_dir):`
			`state_dir = tmpdir.mkdir("state")`
Fixed tests 2019-02-13 14:59:57 +02:00			`with mock.patch(`
			`"tljh.configurer.generate_traefik_api_credentials"`
			`) as generate_credentials:`
			`traefik.ensure_traefik_config(str(state_dir))`
unittests for traefik 2018-08-01 17:06:52 +02:00			`assert state_dir.join("traefik.toml").exists()`
			`traefik_toml = os.path.join(state_dir, "traefik.toml")`
			`with open(traefik_toml) as f:`
			`toml_cfg = f.read()`
			`# print config for debugging on failure`
			`print(config.CONFIG_FILE)`
			`print(toml_cfg)`
			`cfg = toml.loads(toml_cfg)`
			`assert cfg["defaultEntryPoints"] == ["http"]`
Fixed cfg runtime entry in test 2019-02-11 11:13:22 +02:00			`assert len(cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"]) == 1`
			`# runtime generated entry, value not testable`
			`cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"] = [""]`

Replace chp with traefik-proxy 2019-01-22 16:24:38 +02:00			`assert cfg["entryPoints"] == {`
			`"http": {"address": ":80"},`
			`"auth_api": {`
Fixed unit test 2019-02-12 14:55:01 +02:00			`"address": "127.0.0.1:8099",`
Replace chp with traefik-proxy 2019-01-22 16:24:38 +02:00			`"auth": {`
Fixed cfg runtime entry in test 2019-02-11 11:13:22 +02:00			`"basic": {"users": [""]}`
Replace chp with traefik-proxy 2019-01-22 16:24:38 +02:00			`},`
Fixed cfg runtime entry in test 2019-02-11 11:13:22 +02:00			`"whiteList": {"sourceRange": ["127.0.0.1"]}`
Replace chp with traefik-proxy 2019-01-22 16:24:38 +02:00			`},`
unittests for traefik 2018-08-01 17:06:52 +02:00			`}`


			`def test_letsencrypt_config(tljh_dir):`
			`state_dir = config.STATE_DIR`
			`config.set_config_value(config.CONFIG_FILE, "https.enabled", True)`
			`config.set_config_value(`
			`config.CONFIG_FILE, "https.letsencrypt.email", "fake@jupyter.org"`
			`)`
			`config.set_config_value(`
			`config.CONFIG_FILE, "https.letsencrypt.domains", ["testing.jovyan.org"]`
			`)`
Fixed tests 2019-02-13 14:59:57 +02:00			`with mock.patch(`
			`"tljh.configurer.generate_traefik_api_credentials"`
			`) as generate_credentials:`
			`traefik.ensure_traefik_config(str(state_dir))`
unittests for traefik 2018-08-01 17:06:52 +02:00			`traefik_toml = os.path.join(state_dir, "traefik.toml")`
			`with open(traefik_toml) as f:`
			`toml_cfg = f.read()`
			`# print config for debugging on failure`
			`print(config.CONFIG_FILE)`
			`print(toml_cfg)`
			`cfg = toml.loads(toml_cfg)`
			`assert cfg["defaultEntryPoints"] == ["http", "https"]`
			`assert "acme" in cfg`
Fixed cfg runtime entry in test 2019-02-11 11:13:22 +02:00			`assert len(cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"]) == 1`
			`# runtime generated entry, value not testable`
			`cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"] = [""]`

unittests for traefik 2018-08-01 17:06:52 +02:00			`assert cfg["entryPoints"] == {`
			`"http": {"address": ":80", "redirect": {"entryPoint": "https"}},`
Replace chp with traefik-proxy 2019-01-22 16:24:38 +02:00			`"https": {"address": ":443", "tls": {}},`
			`"auth_api": {`
Fixed unit test 2019-02-12 14:55:01 +02:00			`"address": "127.0.0.1:8099",`
Replace chp with traefik-proxy 2019-01-22 16:24:38 +02:00			`"auth": {`
Fixed cfg runtime entry in test 2019-02-11 11:13:22 +02:00			`"basic": {"users": [""]}`
Replace chp with traefik-proxy 2019-01-22 16:24:38 +02:00			`},`
Fixed cfg runtime entry in test 2019-02-11 11:13:22 +02:00			`"whiteList": {"sourceRange": ["127.0.0.1"]}`
Replace chp with traefik-proxy 2019-01-22 16:24:38 +02:00			`},`
unittests for traefik 2018-08-01 17:06:52 +02:00			`}`
			`assert cfg["acme"] == {`
			`"email": "fake@jupyter.org",`
			`"storage": "acme.json",`
			`"entryPoint": "https",`
			`"httpChallenge": {"entryPoint": "http"},`
			`"domains": [{"main": "testing.jovyan.org"}],`
			`}`


			`def test_manual_ssl_config(tljh_dir):`
			`state_dir = config.STATE_DIR`
			`config.set_config_value(config.CONFIG_FILE, "https.enabled", True)`
			`config.set_config_value(config.CONFIG_FILE, "https.tls.key", "/path/to/ssl.key")`
			`config.set_config_value(config.CONFIG_FILE, "https.tls.cert", "/path/to/ssl.cert")`
Fixed tests 2019-02-13 14:59:57 +02:00			`with mock.patch(`
			`"tljh.configurer.generate_traefik_api_credentials"`
			`) as generate_credentials:`
			`traefik.ensure_traefik_config(str(state_dir))`
unittests for traefik 2018-08-01 17:06:52 +02:00			`traefik_toml = os.path.join(state_dir, "traefik.toml")`
			`with open(traefik_toml) as f:`
			`toml_cfg = f.read()`
			`# print config for debugging on failure`
			`print(config.CONFIG_FILE)`
			`print(toml_cfg)`
			`cfg = toml.loads(toml_cfg)`
			`assert cfg["defaultEntryPoints"] == ["http", "https"]`
			`assert "acme" not in cfg`
Fixed cfg runtime entry in test 2019-02-11 11:13:22 +02:00			`assert len(cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"]) == 1`
			`# runtime generated entry, value not testable`
			`cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"] = [""]`
unittests for traefik 2018-08-01 17:06:52 +02:00			`assert cfg["entryPoints"] == {`
			`"http": {"address": ":80", "redirect": {"entryPoint": "https"}},`
			`"https": {`
			`"address": ":443",`
fix manual ssl config test 2018-08-03 16:17:22 +02:00			`"tls": {`
			`"certificates": [`
			`{"certFile": "/path/to/ssl.cert", "keyFile": "/path/to/ssl.key"}`
			`]`
			`},`
unittests for traefik 2018-08-01 17:06:52 +02:00			`},`
Replace chp with traefik-proxy 2019-01-22 16:24:38 +02:00			`"auth_api": {`
Fixed unit test 2019-02-12 14:55:01 +02:00			`"address": "127.0.0.1:8099",`
Replace chp with traefik-proxy 2019-01-22 16:24:38 +02:00			`"auth": {`
Fixed cfg runtime entry in test 2019-02-11 11:13:22 +02:00			`"basic": {"users": [""]}`
Replace chp with traefik-proxy 2019-01-22 16:24:38 +02:00			`},`
Fixed cfg runtime entry in test 2019-02-11 11:13:22 +02:00			`"whiteList": {"sourceRange": ["127.0.0.1"]}`
Replace chp with traefik-proxy 2019-01-22 16:24:38 +02:00			`},`
unittests for traefik 2018-08-01 17:06:52 +02:00			`}`