118 lines
3.4 KiB
Python
118 lines
3.4 KiB
Python
#!/usr/bin/python3
|
|
|
|
import amulet
|
|
import pika
|
|
import time
|
|
|
|
d = amulet.Deployment(series='trusty')
|
|
|
|
d.add('rabbitmq-server')
|
|
d.expose('rabbitmq-server')
|
|
|
|
# Don't forget to expose using d.expose(service)
|
|
|
|
try:
|
|
# TODO(billy-olsen), juju test --timeout fails to pass the timeout values
|
|
# into the environment and the charm isn't the best of places to select
|
|
# a viable timeout since so muc is attributed to the environment anyways.
|
|
# Need to fix this the right way, but for now we'll bump the timeout.
|
|
d.setup(timeout=2700)
|
|
d.sentry.wait()
|
|
except amulet.helpers.TimeoutError:
|
|
amulet.raise_status(amulet.SKIP, msg="Environment wasn't stood up in time")
|
|
except:
|
|
raise
|
|
|
|
server = d.sentry.unit['rabbitmq-server/0']
|
|
host = server.info['public-address']
|
|
|
|
|
|
# Connects without ssl
|
|
try:
|
|
connection = pika.BlockingConnection(pika.ConnectionParameters(host=host,
|
|
ssl=False))
|
|
except Exception as e:
|
|
amulet.raise_status(
|
|
amulet.FAIL,
|
|
"Insecure connection failed with ssl=off: {}".format(str(e))
|
|
)
|
|
|
|
# Doesn't connect with ssl
|
|
try:
|
|
connection = pika.BlockingConnection(pika.ConnectionParameters(host=host,
|
|
ssl=True))
|
|
except Exception as e:
|
|
pass
|
|
else:
|
|
amulet.raise_status(
|
|
amulet.FAIL,
|
|
'SSL enabled when it shouldn\'t.'
|
|
)
|
|
|
|
d.configure('rabbitmq-server', {
|
|
'ssl': 'on'
|
|
})
|
|
|
|
# There's a race for changing the configuration of a deployment.
|
|
# The configure from the juju client side happens fairly quickly, and the
|
|
# sentry.wait() can fire before the config-changed hooks do, which causes
|
|
# the wait to end...
|
|
time.sleep(10)
|
|
d.sentry.wait()
|
|
|
|
# Connects without ssl
|
|
try:
|
|
connection = pika.BlockingConnection(pika.ConnectionParameters(host=host,
|
|
ssl=False))
|
|
except Exception as e:
|
|
amulet.raise_status(
|
|
amulet.FAIL,
|
|
"Insecure connection fails with ssl=on: {}".format(str(e))
|
|
)
|
|
|
|
# Connects with ssl
|
|
try:
|
|
connection = pika.BlockingConnection(pika.ConnectionParameters(host=host,
|
|
port=5671,
|
|
ssl=True))
|
|
except Exception as e:
|
|
amulet.raise_status(
|
|
amulet.FAIL,
|
|
"Secure connection fails with ssl=on"
|
|
)
|
|
|
|
d.configure('rabbitmq-server', {
|
|
'ssl': 'only'
|
|
})
|
|
|
|
# There's a race for changing the configuration of a deployment.
|
|
# The configure from the juju client side happens fairly quickly, and the
|
|
# sentry.wait() can fire before the config-changed hooks do, which causes
|
|
# the wait to end...
|
|
time.sleep(10)
|
|
d.sentry.wait()
|
|
|
|
|
|
# Doesn't connect without ssl
|
|
try:
|
|
connection = pika.BlockingConnection(pika.ConnectionParameters(host=host,
|
|
ssl=False))
|
|
except Exception as e:
|
|
pass
|
|
else:
|
|
amulet.raise_status(
|
|
amulet.FAIL,
|
|
"Connects without SSL when it shouldn't"
|
|
)
|
|
|
|
# Connects with ssl
|
|
try:
|
|
connection = pika.BlockingConnection(pika.ConnectionParameters(host=host,
|
|
port=5671,
|
|
ssl=True))
|
|
except Exception as e:
|
|
amulet.raise_status(
|
|
amulet.FAIL,
|
|
"Secure connection fails with ssl=only: {}".format(str(e))
|
|
)
|