From 8389caa2bb0b5a10958c02702a2ded3c1fba2bf5 Mon Sep 17 00:00:00 2001 From: Rob Rudin Date: Fri, 23 Jun 2023 11:41:21 -0400 Subject: [PATCH] Added simple SSL test --- CODEOWNERS | 5 ++++ CONTRIBUTING.md | 8 +++++++ test-app/build.gradle | 11 ++++++++- .../certificate-templates/template.xml | 17 ++++++++++++++ .../security/users/python-test-user.json | 10 ++++++++ .../main/ml-config/servers/ssl-server.json | 16 +++++++++++++ tests/test_search.py | 5 ++-- tests/test_ssl.py | 23 +++++++++++++++++++ 8 files changed, 92 insertions(+), 3 deletions(-) create mode 100644 CODEOWNERS create mode 100644 test-app/src/main/ml-config/security/certificate-templates/template.xml create mode 100644 test-app/src/main/ml-config/security/users/python-test-user.json create mode 100644 test-app/src/main/ml-config/servers/ssl-server.json create mode 100644 tests/test_ssl.py diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000..0a2d67e --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,5 @@ +# Lines starting with '#' are comments. +# Each line is a file pattern followed by one or more owners. + +# These owners will be the default owners for everything in the repo. +* @anu3990 @billfarber @rjrudin diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f05dd44..29ca2fe 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -17,3 +17,11 @@ To run the tests: - Run `./gradlew -i mlDeploy` - `cd ..` - Run `pytest` + +To run an individual test with logging to stdout: + + pytest -s tests/test_search.py + +To run an individual test method: + + pytest -s test/test_search.py::test_search \ No newline at end of file diff --git a/test-app/build.gradle b/test-app/build.gradle index ef46307..7b30706 100644 --- a/test-app/build.gradle +++ b/test-app/build.gradle @@ -1,4 +1,13 @@ plugins { id 'net.saliman.properties' version '1.5.2' id 'com.marklogic.ml-gradle' version '4.5.2' -} \ No newline at end of file +} + +// Generate a temporary certificate for some simple SSL tests +ext { + def command = new com.marklogic.appdeployer.command.security.GenerateTemporaryCertificateCommand() + command.setTemplateIdOrName("python-test-ssl-template") + command.setCommonName("localhost") + command.setValidFor(365) + mlAppDeployer.commands.add(command) +} diff --git a/test-app/src/main/ml-config/security/certificate-templates/template.xml b/test-app/src/main/ml-config/security/certificate-templates/template.xml new file mode 100644 index 0000000..4cc9390 --- /dev/null +++ b/test-app/src/main/ml-config/security/certificate-templates/template.xml @@ -0,0 +1,17 @@ + + python-test-ssl-template + Used for marklogic-python-client testing + rsa + + + 0 + + US + VA + McLean + MarkLogic + Engineering + python@marklogic.com + + + \ No newline at end of file diff --git a/test-app/src/main/ml-config/security/users/python-test-user.json b/test-app/src/main/ml-config/security/users/python-test-user.json new file mode 100644 index 0000000..f75f5ce --- /dev/null +++ b/test-app/src/main/ml-config/security/users/python-test-user.json @@ -0,0 +1,10 @@ +{ + "user-name": "python-test-user", + "password": "password", + "role": [ + "rest-reader", + "rest-writer", + "qconsole-user" + ] + } + \ No newline at end of file diff --git a/test-app/src/main/ml-config/servers/ssl-server.json b/test-app/src/main/ml-config/servers/ssl-server.json new file mode 100644 index 0000000..244ba39 --- /dev/null +++ b/test-app/src/main/ml-config/servers/ssl-server.json @@ -0,0 +1,16 @@ +{ + "server-name" : "%%NAME%%-ssl", + "group-name" : "Default", + "server-type" : "http", + "enabled" : true, + "root" : "/", + "port" : 8031, + "authentication" : "digestbasic", + "content-database" : "%%DATABASE%%", + "modules-database" : "%%MODULES_DATABASE%%", + "ssl-certificate-template": "python-test-ssl-template", + "url-rewriter": "/MarkLogic/rest-api/rewriter.xml", + "error-handler": "/MarkLogic/rest-api/error-handler.xqy", + "rewrite-resolves-globally": true + } + \ No newline at end of file diff --git a/tests/test_search.py b/tests/test_search.py index e4e4536..3210205 100644 --- a/tests/test_search.py +++ b/tests/test_search.py @@ -2,9 +2,10 @@ from requests.auth import HTTPDigestAuth -def test_get_search_response_with_no_args(): +def test_search(): response = requests.get( - "http://localhost:8030/v1/search", auth=HTTPDigestAuth("admin", "admin") + "http://localhost:8030/v1/search", + auth=HTTPDigestAuth("python-test-user", "password") ) assert 200 == response.status_code assert "application/xml; charset=utf-8" == response.headers["Content-type"] diff --git a/tests/test_ssl.py b/tests/test_ssl.py new file mode 100644 index 0000000..6b31cb1 --- /dev/null +++ b/tests/test_ssl.py @@ -0,0 +1,23 @@ +import requests + + +def test_verify_false(): + """ + The certificate verification in requests is fairly picky; while it's possible to disable + hostname validation, I did not find a way to ask it to not care about self-signed certificates. + So for now, this is just verifying that verify=False works with a MarkLogic app server that is + using a self-signed certificate. In the real world, a customer would have a real certificate and + would configure "verify" to point to that. + """ + response = requests.get( + "https://localhost:8031/v1/search", + auth=("python-test-user", "password"), + verify=False, + headers={"Accept": "application/json"}, + ) + assert 200 == response.status_code + assert "application/json; charset=utf-8" == response.headers["Content-type"] + data = response.json() + assert ( + 10 == data["page-length"] + ), "Just verifying that a JSON search response is returned"