mirror of
https://github.com/jupyterhub/the-littlest-jupyterhub.git
synced 2025-12-18 21:54:05 +08:00
test manual https setup
adds integration test for manual https certs
This commit is contained in:
Min RK
27
integration-tests/conftest.py
Normal file
27
integration-tests/conftest.py
Normal file
@@ -0,0 +1,27 @@
|
|||||||
|
"""pytest fixtures"""
|
||||||
|
|
||||||
|
import os
|
||||||
|
|
||||||
|
from pytest import fixture
|
||||||
|
|
||||||
|
from tljh.config import CONFIG_FILE, reload_component
|
||||||
|
|
||||||
|
|
||||||
|
@fixture
|
||||||
|
def preserve_config(request):
|
||||||
|
"""Fixture to save and restore config around tests"""
|
||||||
|
if os.path.exists(CONFIG_FILE):
|
||||||
|
with open(CONFIG_FILE) as f:
|
||||||
|
save_config = f.read()
|
||||||
|
else:
|
||||||
|
save_config = None
|
||||||
|
try:
|
||||||
|
yield
|
||||||
|
finally:
|
||||||
|
if save_config:
|
||||||
|
with open(CONFIG_FILE, "w") as f:
|
||||||
|
f.write(save_config)
|
||||||
|
elif os.path.exists(CONFIG_FILE):
|
||||||
|
os.remove(CONFIG_FILE)
|
||||||
|
reload_component("hub")
|
||||||
|
reload_component("proxy")
|
||||||
61
integration-tests/test_proxy.py
Normal file
61
integration-tests/test_proxy.py
Normal file
@@ -0,0 +1,61 @@
|
|||||||
|
"""tests for the proxy"""
|
||||||
|
import os
|
||||||
|
import shutil
|
||||||
|
import ssl
|
||||||
|
from subprocess import check_call
|
||||||
|
import time
|
||||||
|
|
||||||
|
import requests
|
||||||
|
|
||||||
|
from tljh.config import reload_component, set_config_value, CONFIG_FILE
|
||||||
|
|
||||||
|
|
||||||
|
def test_manual_https(preserve_config):
|
||||||
|
ssl_dir = "/etc/tljh-ssl-test"
|
||||||
|
key = ssl_dir + "/ssl.key"
|
||||||
|
cert = ssl_dir + "/ssl.cert"
|
||||||
|
os.makedirs(ssl_dir, exist_ok=True)
|
||||||
|
os.chmod(ssl_dir, 0o600)
|
||||||
|
# generate key and cert
|
||||||
|
check_call(
|
||||||
|
[
|
||||||
|
"openssl",
|
||||||
|
"req",
|
||||||
|
"-nodes",
|
||||||
|
"-newkey",
|
||||||
|
"rsa:2048",
|
||||||
|
"-keyout",
|
||||||
|
key,
|
||||||
|
"-x509",
|
||||||
|
"-days",
|
||||||
|
"1",
|
||||||
|
"-out",
|
||||||
|
cert,
|
||||||
|
"-subj",
|
||||||
|
"/CN=tljh.jupyer.org",
|
||||||
|
]
|
||||||
|
)
|
||||||
|
set_config_value(CONFIG_FILE, "https.enabled", True)
|
||||||
|
set_config_value(CONFIG_FILE, "https.tls.key", key)
|
||||||
|
set_config_value(CONFIG_FILE, "https.tls.cert", cert)
|
||||||
|
reload_component("proxy")
|
||||||
|
for i in range(10):
|
||||||
|
time.sleep(i)
|
||||||
|
try:
|
||||||
|
server_cert = ssl.get_server_certificate(("127.0.0.1", 443))
|
||||||
|
except Exception as e:
|
||||||
|
print(e)
|
||||||
|
else:
|
||||||
|
break
|
||||||
|
with open(cert) as f:
|
||||||
|
file_cert = f.read()
|
||||||
|
|
||||||
|
# verify that our certificate was loaded by traefik
|
||||||
|
assert server_cert == file_cert
|
||||||
|
|
||||||
|
# verify that we can still connect to the hub
|
||||||
|
r = requests.get("https://127.0.0.1/hub/api", verify=False)
|
||||||
|
r.raise_for_status()
|
||||||
|
|
||||||
|
# cleanup
|
||||||
|
shutil.rmtree(ssl_dir)
|
||||||
Reference in New Issue
Block a user