Adds a security test to make sure paging links only use https

This test ensures that all paging links are over SSL and not
plain HTTP.

Change-Id: I1bf3dde26403ae2d12403b37e0b0c0946652b768
Implements: blueprint paging-links-over-https
This commit is contained in:
Henry Yamauchi 2015-07-31 11:41:51 -05:00 committed by Isaac Mungai
parent 6fa8a5959a
commit 1be3a21a61
3 changed files with 141 additions and 0 deletions

View File

@ -0,0 +1,135 @@
# coding= utf-8
# Copyright (c) 2015 Rackspace, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import urlparse
import uuid
import ddt
from tests.api import base
@ddt.ddt
class TestHttpsInLinkService(base.TestBase):
"""Tests if pagination links use http URLs"""
def _create_test_service(self):
service_name = str(uuid.uuid1())
self.domain_list = [{"domain": self.generate_random_string(
prefix='www.security-test-domain') + '.com'}]
self.origin_list = [{"origin": self.generate_random_string(
prefix='security-test-origin') + '.com', "port": 80, "ssl": False,
"hostheadertype": "custom", "hostheadervalue":
"www.seccustomweb.com"}]
self.caching_list = []
self.log_delivery = {"enabled": False}
resp = self.client.create_service(service_name=service_name,
domain_list=self.domain_list,
origin_list=self.origin_list,
caching_list=self.caching_list,
flavor_id=self.flavor_id,
log_delivery=self.log_delivery)
self.service_url = resp.headers["location"]
self.service_list.append(self.service_url)
self._check_https_in_location_header(self.service_url)
return self.service_url
def _check_http_not_in_links(self, body):
"""Make sure plain http: is not used in links"""
num_links = len(body['links'])
for i in range(num_links):
href = body['links'][i]['href']
self.assertNotEqual(href[0:5], 'http:')
num_links = len(body['services'][0]['links'])
for i in range(num_links):
if body['services'][0]['links'][i]['rel'] == 'self':
href = body['services'][0]['links'][i]['href']
self.assertNotEqual(href[0:5], 'http:')
def _check_https_in_location_header(self, location_url):
self.assertTrue(
location_url.startswith('https://'),
msg="{0} should start with 'https://'.".format(location_url)
)
def _cleanup_test_data(self):
for service in self.service_list:
self.client.delete_service(location=service)
if self.test_config.generate_flavors:
self.client.delete_flavor(flavor_id=self.flavor_id)
def setUp(self):
super(TestHttpsInLinkService, self).setUp()
if self.test_config.run_https_link_tests is False:
self.skipTest(
'Test secure HTTPS links Functions is '
'disabled in configuration'
)
self.addCleanup(self._cleanup_test_data)
self.service_list = []
self.flavor_id = self.test_flavor
@ddt.data(3)
def test_https_in_links(self, num):
for _ in range(num):
self._create_test_service()
url_param = {'limit': 1}
resp = self.client.list_services(param=url_param)
self.assertEqual(resp.status_code, 200)
body = resp.json()
self.assertEqual(len(body['services']), 1)
self._check_http_not_in_links(body)
# get second page
next_page_uri = urlparse.urlparse(body['links'][0]['href'])
marker = urlparse.parse_qs(next_page_uri.query)['marker'][0]
url_param = {'marker': marker, 'limit': 1}
resp = self.client.list_services(param=url_param)
self.assertEqual(resp.status_code, 200)
body = resp.json()
self.assertEqual(len(body['services']), 1)
self._check_http_not_in_links(body)
# get third page
next_page_uri = urlparse.urlparse(body['links'][0]['href'])
marker = urlparse.parse_qs(next_page_uri.query)['marker'][0]
url_param = {'marker': marker, 'limit': 1}
resp = self.client.list_services(param=url_param)
self.assertEqual(resp.status_code, 200)
body = resp.json()
self.assertEqual(len(body['services']), 1)
self._check_http_not_in_links(body)
def tearDown(self):
self._cleanup_test_data()
super(TestHttpsInLinkService, self).tearDown()

View File

@ -47,6 +47,11 @@ class TestConfig(data_interfaces.ConfigSectionInterface):
"""Boolean flag indicating if tests for operator apis should be run."""
return self.get_boolean('run_operator_tests')
@property
def run_https_link_tests(self):
"""Boolean flag indicating if secure https links should be run."""
return self.get_boolean('run_https_link_tests')
@property
def status_check_retry_interval(self):
"""Int value to set retry intervals for status check."""

View File

@ -25,6 +25,7 @@ flavor = {"flavor1": ["provider_1"], "flavor2": ["provider_2", "provider_3"]}
[test_configuration]
provider_validation=False
run_operator_tests=False
run_https_link_tests=False
status_check_retry_interval=2
status_check_retry_timeout=120
generate_flavors=False