Skip to content

More capable HTTP-serving test environment #6153

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 12 commits into from
Nov 9, 2021
Merged

More capable HTTP-serving test environment #6153

merged 12 commits into from
Nov 9, 2021

Conversation

mih
Copy link
Member

@mih mih commented Nov 8, 2021
edited
Loading

  • make cross-platform compatible (was so far untested on windows)
  • more testing with less required dependency
  • make SSL/HTTPS capable
  • check if tests pass if no working SSL setup can be established (untrusted root CA etc)
  • deploy SSL-ready configuration on appveyor
  • check if tests pass with a working SSL setup
  • make auth-capable

@mih mih added the semver-internal Changes only affect the internal API label Nov 8, 2021
@mih mih mentioned this pull request Nov 8, 2021
Closed
@codecov
Copy link

codecov bot commented Nov 8, 2021
edited
Loading

Codecov Report

Merging #6153 (0db7b16) into master (de2c10a) will decrease coverage by 15.01%.
The diff coverage is 80.59%.

❗ Current head 0db7b16 differs from pull request most recent head 5ecefc2. Consider uploading reports for the commit 5ecefc2 to get more accurate results
Impacted file tree graph

@@             Coverage Diff             @@
##           master    #6153       +/-   ##
===========================================
- Coverage   89.70%   74.69%   -15.02%     
===========================================
  Files         318      318               
  Lines       41854    41876       +22     
===========================================
- Hits        37547    31280     -6267     
- Misses       4307    10596     +6289
Impacted Files Coverage Δ
datalad/distributed/tests/test_ria_basics.py 26.92% <75.00%> (-70.95%) ⬇️
datalad/tests/utils.py 87.30% <80.55%> (-1.66%) ⬇️
datalad/tests/test_tests_utils.py 95.36% <100.00%> (-3.54%) ⬇️
datalad/version.py 0.00% <0.00%> (-100.00%) ⬇️
datalad/plugin/wtf.py 0.00% <0.00%> (-100.00%) ⬇️
datalad/plugin/addurls.py 0.00% <0.00%> (-100.00%) ⬇️
datalad/plugin/__init__.py 0.00% <0.00%> (-100.00%) ⬇️
datalad/plugin/no_annex.py 0.00% <0.00%> (-100.00%) ⬇️
datalad/distribution/drop.py 0.00% <0.00%> (-100.00%) ⬇️
datalad/plugin/add_readme.py 0.00% <0.00%> (-100.00%) ⬇️
... and 141 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update de2c10a...5ecefc2. Read the comment docs.

@mih
Enable @serve_path_via_http(tmp_dir, use_ssl=True)
82ca4ae 
For this to work in a reliable way that needs no per-request fiddling,
we have to ship the entire CA/cert shebang.

A complete, pre-generated root CA, keys, and a 10-year certficiate+key
for 'localhost' URLs is shipped under `datalad/tests/ca`.

If it is detected, the internal HTTP server can be SSL-enable via the
new flag `use_ssl` (off by default).

On-startup the webserver is tested to have a functional SSL setup. If it
cannot be confirmed `SkipTest` is raised. Dedicated tests for
python-requests and stdlib-tooling are performed.

For a complete setup:

1) a root CA must be deployed

   # deploy certificate on Debian
   sudo mkdir -p /usr/local/share/ca-certificates/
   sudo cp datalad/tests/ca/ca-root.pem /usr/local/share/ca-certificates/datalad-root.crt
   sudo update-ca-certificates

2) python-requests must get the root CA in addition

   export REQUESTS_CA_BUNDLE="$(readlink -f datalad/tests/ca/ca_bundle.pem)"

   This is automatically done in `setup_package()`

Afterwards a

  `python -m nose -s -v datalad.tests.test_tests_utils:test_serve_path_via_http`

should confirm a working SSL setup.
@mih mih mentioned this pull request Nov 8, 2021
Closed
mih added 4 commits November 8, 2021 15:07
@mih
Enable preconditions for SSL/HTTPS testing on appveyor
4d85136
@mih
Support HTTP Basic Auth for serve_path_via_http
64d9d7a
@mih
Avoid deprecated functions for SSL setup
794bc31
@mih
Do not globally override requests CA bundle
3cf1039 
Only do it inside the decorator that runs our internal test HTTP server,
and only if it has SSL turned on -- in order to minimize potential
interference with regular HTTPS requests elsewhere.
mih
mih commented Nov 8, 2021
View reviewed changes
datalad/tests/ca/README
@@ -0,0 +1,33 @@
# Provenance info for the complete root CA/cert setup in this directory

password=OoTh9oM9
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this is a password. It is OK to be here.

@mih mih force-pushed the enh-httptests branch 2 times, most recently from 3c820c6 to 7343b94 Compare November 9, 2021 07:24
mih added 4 commits November 9, 2021 09:21
@mih
RF a first RIA test that may eventually run across platforms
ad6faff 
The previous strict linkage between access protocols and IO
implementation to generate test stores was pointless.
This is a general pattern that needs to be altered throughout the
codebase.
@mih
Skip test if an HTTPS server does not start up
e4addb2 
This requires a complex and fragile toolchain that is hard to
maintain or require across testing environment. Given that
HTTP vs HTTPS should not make THAT much of a difference, skip
rather than fail to keep the focus on what matters most.
@mih
Skip PEM files when spell-checking
feb058e 
Thanks @yarikoptic for the hint
@mih
RF test to avoid needless network usage
5ecefc2
@mih
Copy link
Member Author

mih commented Nov 9, 2021

I will merge this, as soon as the tests pass.

@mih mih merged commit 981aa95 into datalad:master Nov 9, 2021
@mih mih deleted the enh-httptests branch November 9, 2021 12:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
semver-internal Changes only affect the internal API
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Linter should not spell-check base64 encoded files Enhance httpserve test helpers with auth and ssl/tls
1 participant
@mih