add TLS configuration server tests #254
Conversation
aead
force-pushed
the
tls-tests
branch
2 times, most recently
from
fcb41b3
to
cb36e1d
Compare
build/tls/install.sh
Outdated
|
|
||
| test_run_dir="$MINT_RUN_TLS_DIR/go" | ||
| go get -u github.com/sirupsen/logrus/... | ||
| go build -o "$test_run_dir/server-tests" "$test_run_dir/server-tests.go" |
mint.sh
Outdated
| @@ -29,7 +29,7 @@ if [ -z "$SERVER_ENDPOINT" ]; then | |||
| fi | |||
|
|
|||
| ROOT_DIR="$PWD" | |||
| TESTS_DIR="$ROOT_DIR/run/core" | |||
| TESTS_DIR="$ROOT_DIR/run" | |||
There was a problem hiding this comment.
This is causing path issues for other tests here:https://github.com/minio/mint/blob/master/mint.sh#L116
You can add a new function run_security_test in this file, change run_test to run_core_test and call both run_core_test and run_security_test from main function, based on input parameters.
There was a problem hiding this comment.
Okay, thanks for the hint - will do that!
run/security/go/run.sh
Outdated
| error_log_file="$2" | ||
|
|
||
| # run tests | ||
| /mint/run/tls/go/server-tests 1>>"$output_log_file" 2>"$error_log_file" |
There was a problem hiding this comment.
Change the path to /mint/run/tls/security/server-tests
There was a problem hiding this comment.
Thanks, changed. But path should be mint/run/security/tls/server-tests, right?!
There was a problem hiding this comment.
yeah, SECURITY_TESTS_DIR is set to "$ROOT_DIR/run/security", so either the directory should be named /mint/run/security or SECURITY_TESTS_DIR be set to "$ROOT_DIR/run/tls"
There was a problem hiding this comment.
Well, TLS will be not the only security test. For example minio/minio#5411 was not TLS related.
So security tests under run/security - TLS is one class of security tests so run/security/tls.
Similar to multiple different SDKs under run/core.
mint.sh
Outdated
| fi | ||
| ## Run security tests | ||
| echo -e "Running security tests:\n" | ||
| run_list=( "$SECURITY_TESTS_DIR"/* ) |
There was a problem hiding this comment.
need to update the count here as well
mint.sh
Outdated
| echo -e "\nExecuted $i out of $count tests successfully." | ||
| fi | ||
| ## Run security tests | ||
| echo -e "Running security tests:\n" |
There was a problem hiding this comment.
can add a check here to run this only if ENABLE_HTTPS is set
There was a problem hiding this comment.
Added check. However if we add tests for recent V2 vulnerability we can run (some) security tests also against non-TLS endpoint. But for now it's fine I think.
mint.sh
Outdated
| @@ -29,7 +29,8 @@ if [ -z "$SERVER_ENDPOINT" ]; then | |||
| fi | |||
|
|
|||
| ROOT_DIR="$PWD" | |||
| TESTS_DIR="$ROOT_DIR/run/core" | |||
| CORE_TESTS_DIR="$ROOT_DIR/run/core" | |||
| SECURITY_TESTS_DIR="$ROOT_DIR/run/security" | |||
There was a problem hiding this comment.
core under run directory is based on mint mode (I guess). Not sure why we need one more type.
There was a problem hiding this comment.
In run/core there are all functional tests - e.g. does a PUT work properly. In run/security there are non-functional security tests - e.g. is TLS configured properly. This has nothing to do with modes (standard vs. extensive, ...).
This change adds non-functional tests to check whether a minio endpoint (TLS) is configured properly. This includes: - SSL/TLS version checks - Cipher suite checks To separate TLS tests from functional tests this change adds a new subdirectory `/run/tls`. Fixes minio#253
|
Moved security tests to |
|
Thanks @aead will test and approve |
Remove Mint secure as separate directory
This change adds non-functional tests to check whether a
minio endpoint (TLS) is configured properly.
This includes:
To separate security tests from functional tests this change adds a new subdirectory
/run/security.Fixes #253