author | Alex Shatov <alexs@att.com> | 2018-09-14 16:54:05 -0400 |
---|---|---|
committer | Alex Shatov <alexs@att.com> | 2018-09-14 16:54:05 -0400 |
commit | 6556fd79eb177d8ed7c390d56410b42afb4a0c70 (patch) | |
tree | a45f57fbdd4ba1468390868371484d299d23ed8c /tests | |
parent | 1d693376205c66af93283d04e8e9740c947a7d02 (diff) |
4.3.0 policy-handler - tls to policy-engine
- tls to policy-engine
- tls on web-socket to policy-engine
- tls to deployment-handler
- no tls on the web-server side
= that is internal API
= will add TLS in R4
- policy-handler expecting the deployment process
to mount certs at /opt/app/policy_handler/etc/tls/certs/
- blueprint for policy-handler will be updated to contain
cert_directory : /opt/app/policy_handler/etc/tls/certs/
- the matching local etc/config.json has new part tls with:
= cert_directory : etc/tls/certs/
= cacert : cacert.pem
- new optional fields tls_ca_mode in config on consul that
specify where to find the cacert.pem for tls per each https/web-socket
values are:
"cert_directory" - use the cacert.pem stored locally in cert_directory
this is the default if cacert.pem file is found
"os_ca_bundle" - use the public ca_bundle provided by linux system.
this is the default if cacert.pem file not found
"do_not_verify" - special hack to turn off the verification by cacert
and hostname
- config on consul now has 2 new fields for policy_engine
= "tls_ca_mode" : "cert_directory"
= "tls_wss_ca_mode" : "cert_directory"
- config on consul now has 1 new field for deploy_handler
= "tls_ca_mode" : "cert_directory"
- removed customization for verify -- it is now a built-in feature
Change-Id: Ibe9120504ed6036d1ed4c84ff4cd8ad1d9e80f17
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-611
Diffstat (limited to 'tests')
-rw-r--r-- | tests/mock_config.json | 9 | ||||
-rw-r--r-- | tests/test_policyhandler.py | 16 |
2 files changed, 15 insertions, 10 deletions
diff --git a/tests/mock_config.json b/tests/mock_config.json
index 98b0d19..7ec0ac6 100644
--- a/tests/mock_config.json
+++ b/tests/mock_config.json
@@ -13,7 +13,7 @@
 },
 "policy_engine" : {
 "url" : "https://pdp-server:8081",
- "path_pdp" : "/pdp/",
+ "path_notifications" : "/pdp/notifications",
 "path_api" : "/pdp/api/",
 "headers" : {
 "Accept" : "application/json",
@@ -22,7 +22,9 @@
 "Authorization" : "Basic auth",
 "Environment" : "TEST"
 },
- "target_entity" : "policy_engine"
+ "target_entity" : "policy_engine",
+ "tls_ca_mode" : "cert_directory",
+ "tls_wss_ca_mode" : "cert_directory"
 },
 "deploy_handler" : {
 "target_entity" : "deployment_handler",
@@ -30,7 +32,8 @@
 "max_msg_length_mb" : 5,
 "query" : {
 "cfy_tenant_name" : "default_tenant"
- }
+ },
+ "tls_ca_mode" : "cert_directory"
 }
 }
 }
diff --git a/tests/test_policyhandler.py b/tests/test_policyhandler.py
index d14aeea..c501c12 100644
--- a/tests/test_policyhandler.py
+++ b/tests/test_policyhandler.py
@@ -175,7 +175,7 @@ class MockDeploymentHandler(object):
 @pytest.fixture()
 def fix_pdp_post(monkeypatch):
 """monkeyed request /getConfig to PDP"""
- def monkeyed_policy_rest_post(full_path, json=None, headers=None):
+ def monkeyed_policy_rest_post(full_path, json=None, headers=None, **custom_kwargs):
 """monkeypatch for the POST to policy-engine"""
 res_json = MockPolicyEngine.get_config(json.get(POLICY_NAME))
 return MonkeyedResponse(full_path, res_json, json, headers)
@@ -191,7 +191,7 @@ def fix_pdp_post(monkeypatch):
 @pytest.fixture()
 def fix_pdp_post_big(monkeypatch):
 """monkeyed request /getConfig to PDP"""
- def monkeyed_policy_rest_post(full_path, json=None, headers=None):
+ def monkeyed_policy_rest_post(full_path, json=None, headers=None, **custom_kwargs):
 """monkeypatch for the POST to policy-engine"""
 res_json = MockPolicyEngine.get_configs_all()
 return MonkeyedResponse(full_path, res_json, json, headers)
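Review bot: The mock config sets `tls_ca_mode` and `tls_wss_ca_mode` only to `"cert_directory"`, so from this file alone neither the `"os_ca_bundle"` fallback nor the `"do_not_verify"` mode described in the commit message has a fixture. Because `"do_not_verify"` turns off both CA and hostname checks, a second fixture with an unrecognised value (constructed example: `"tls_ca_mode" : "bogus"`) plus a test asserting that verification stays enabled would pin fail-closed behaviour. Whether the tests tree ships a `cacert.pem` is not visible here, so it is unclear which mode the suite actually ends up exercising.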
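Review bot: The `**custom_kwargs` added to `monkeyed_policy_rest_post` in `fix_pdp_post` is accepted and then discarded, so the test double never checks which TLS arguments the caller passes; the same applies to the mocks changed in the hunks at -191, -212, -268, -295 and -305. If these kwargs carry the `verify` setting (presumably derived from `tls_ca_mode`; the production code is not in this tests-only diff), a regression that disabled certificate verification would still pass every test. A minimal guard inside each mock would be `assert custom_kwargs.get("verify") is not False`, ideally with one dedicated test that checks the exact value expected for `"cert_directory"`. The fixture bodies continue outside the hunks, so the monkeypatch wiring itself is not visible here.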
@@ -212,7 +212,7 @@ class MockException(Exception): @pytest.fixture() def fix_pdp_post_boom(monkeypatch): """monkeyed request /getConfig to PDP - exception""" - def monkeyed_policy_rest_post_boom(full_path, json=None, headers=None): + def monkeyed_policy_rest_post_boom(full_path, json=None, headers=None, **custom_kwargs): """monkeypatch for the POST to policy-engine""" raise MockException("fix_pdp_post_boom") @@ -268,12 +268,13 @@ def fix_discovery(monkeypatch): @pytest.fixture() def fix_deploy_handler(monkeypatch): """monkeyed requests to deployment-handler""" - def monkeyed_deploy_handler_put(full_path, json=None, headers=None, params=None): + def monkeyed_deploy_handler_put(full_path, json=None, headers=None, + params=None, **custom_kwargs): """monkeypatch for policy-update request.put to deploy_handler""" return MonkeyedResponse(full_path, MockDeploymentHandler.default_response(), json, headers) - def monkeyed_deploy_handler_get(full_path, headers=None, params=None): + def monkeyed_deploy_handler_get(full_path, headers=None, params=None, **custom_kwargs): """monkeypatch policy-update request.get to deploy_handler""" return MonkeyedResponse(full_path, MockDeploymentHandler.get_deployed_policies(), None, headers) @@ -295,7 +296,8 @@ def fix_deploy_handler(monkeypatch): @pytest.fixture() def fix_deploy_handler_fail(monkeypatch): """monkeyed failed discovery request.get""" - def monkeyed_deploy_handler_put(full_path, json=None, headers=None, params=None): + def monkeyed_deploy_handler_put(full_path, json=None, headers=None, + params=None, **custom_kwargs): """monkeypatch for deploy_handler""" res = MonkeyedResponse( full_path, 
@@ -305,7 +307,7 @@ def fix_deploy_handler_fail(monkeypatch): res.status_code = 413 return res - def monkeyed_deploy_handler_get(full_path, headers=None, params=None): + def monkeyed_deploy_handler_get(full_path, headers=None, params=None, **custom_kwargs): """monkeypatch policy-update request.get to deploy_handler""" return MonkeyedResponse(full_path, MockDeploymentHandler.default_response(), None, headers) |