diff --git a/test/config-next/va-remote-a.json b/test/config-next/va-remote-a.json index 5c8ddbfaf080..aceb323c3837 100644 --- a/test/config-next/va-remote-a.json +++ b/test/config-next/va-remote-a.json @@ -1,7 +1,7 @@ { "va": { "CAASERVFAILExceptions": "test/caa-servfail-exceptions.txt", - "userAgent": "boulder", + "userAgent": "boulder-remote-a", "debugAddr": ":8011", "portConfig": { "httpPort": 5002, diff --git a/test/config-next/va-remote-b.json b/test/config-next/va-remote-b.json index b56ac9e4f64d..b80e17289601 100644 --- a/test/config-next/va-remote-b.json +++ b/test/config-next/va-remote-b.json @@ -1,7 +1,7 @@ { "va": { "CAASERVFAILExceptions": "test/caa-servfail-exceptions.txt", - "userAgent": "boulder", + "userAgent": "boulder-remote-b", "debugAddr": ":8012", "portConfig": { "httpPort": 5002, diff --git a/test/v2_integration.py b/test/v2_integration.py index ca3538a8c8e1..0a41f50ed66b 100644 --- a/test/v2_integration.py +++ b/test/v2_integration.py @@ -579,13 +579,15 @@ def json_dumps(self, indent=None): chisel2.expect_problem("urn:ietf:params:acme:error:accountDoesNotExist", lambda: other_client.net.post(other_client.directory['newAccount'], newAcct, acme_version=2)) -def BouncerHTTPRequestHandler(redirect, vips=1): +def BouncerHTTPRequestHandler(redirect, guestlist): """ BouncerHTTPRequestHandler returns a BouncerHandler class that acts like a club bouncer in front of another server. The bouncer will respond to the - first VIP GET requests by sending an HTTP redirect to the real - server. After all the VIP requests have been received all other requests - get a bogus result and have to stand outside in the cold + GET requests by looking up the allowed number of requests in the guestlist + for the User-Agent making the request. If there is at least one guestlist + spot for that UA it will be redirected to the real server and the + guestlist decremented. Once the guestlist spots for a UA are expended + requests will get a bogus result and have to stand outside in the cold """ class BouncerHandler(BaseHTTPRequestHandler): def __init__(self, *args, **kwargs): @@ -597,22 +599,24 @@ def do_HEAD(self): self.end_headers() def do_GET(self): - # If less than vips requests have been received, decrement vips and - # redirect the VIP request to the redirect URL - if BouncerHandler.vips > 0: - BouncerHandler.vips = BouncerHandler.vips - 1 - self.log_message("BouncerHandler redirecting VIP request to the venue") + ua = self.headers['User-Agent'] + guestlistAllows = BouncerHandler.guestlist.get(ua, 0) + # If there is still space on the guestlist for this UA then redirect + # the request and decrement the guestlist. + if guestlistAllows > 0: + BouncerHandler.guestlist[ua] -= 1 + self.log_message("BouncerHandler UA {0} is on the Guestlist. {1} requests remaining.".format(ua, BouncerHandler.guestlist[ua])) self.send_response(302) self.send_header("Location", BouncerHandler.redirect) self.end_headers() # Otherwise return a bogus result else: - self.log_message("BouncerHandler sending non-VIP request to the curb") + self.log_message("BouncerHandler UA {0} has no requests on the Guestlist. Sending request to the curb".format(ua)) self.send_response(200) self.end_headers() self.wfile.write(b'(• ◡ •) <( VIPs only! )') - BouncerHandler.vips = vips + BouncerHandler.guestlist = guestlist BouncerHandler.redirect = redirect return BouncerHandler @@ -628,7 +632,7 @@ def wait_for_server(addr): pass time.sleep(0.5) -def multiva_setup(client, bounceFirst=1): +def multiva_setup(client, guestlist): """ Create a testing hostname and the multiva server setup. This will block until the server is ready. The returned cleanup function should be used to @@ -671,7 +675,7 @@ def multiva_setup(client, bounceFirst=1): # server for this test and add a mock DNS entry that directs the VA to it. redirect = "http://{0}/.well-known/acme-challenge/{1}".format( redirHostname, token) - httpd = HTTPServer(('10.88.88.88', 5002), BouncerHTTPRequestHandler(redirect, bounceFirst)) + httpd = HTTPServer(('10.88.88.88', 5002), BouncerHTTPRequestHandler(redirect, guestlist)) thread = threading.Thread(target = httpd.serve_forever) thread.daemon = False thread.start() @@ -698,19 +702,19 @@ def test_http_multiva_threshold_pass(): client = chisel2.make_client() - # These values should match the config in `config-next/va.json` - remoteVAs = 2 - maxFailures = 1 + # Configure a guestlist that will pass the multiVA threshold test by + # allowing the primary VA and one remote. + guestlist = {"boulder": 1, "boulder-remote-b": 1} - # Configure a bounceFirst value that will pass the multiVA threshold test. - bounceFirst = (remoteVAs - maxFailures) + 1 - - hostname, cleanup = multiva_setup(client, bounceFirst) + hostname, cleanup = multiva_setup(client, guestlist) try: # With the maximum number of allowed remote VA failures the overall # challenge should still succeed. chisel2.auth_and_issue([hostname], client=client, chall_type="http-01") + except errors.ValidationError, ee: + print "Gosh darn it" + print ee finally: cleanup() @@ -722,11 +726,11 @@ def test_http_multiva_threshold_fail(): client = chisel2.make_client() - # Configure a bounceFirst value that will fail the multiVA threshold test by - # only redirecting the primary VA. - bounceFirst = 1 + # Configure a guestlist that will fail the multiVA threshold test by + # only allowing the primary VA. + guestlist = {"boulder": 1} - hostname, cleanup = multiva_setup(client, bounceFirst) + hostname, cleanup = multiva_setup(client, guestlist) try: chisel2.auth_and_issue([hostname], client=client, chall_type="http-01")