README.md

# `ngx_http_voms_module` Testing 

## Description

Setup and files to test the *ngx_http_voms_module* are contained in the `t` folder. The [Openresty data-driven testsuite](https://openresty.gitbooks.io/programming-openresty/content/testing/) has been adopted for testing.

### Test fixture setup 

All the certificates, proxy certificates, trust-anchors directory, LSC files, etc., needed for the tests are automatically created by the `t/setup.sh` script. It uses utilities contained in the [helper-scripts](https://baltig.infn.it/mw-devel/helper-scripts) repo, in particulare in the `x509-scripts` subdirectory, and the VOMS clients. Certificates and proxies are described in configuration files `t/openssl.conf`, `t/conf.d/*` and `t/proxies.d/*`.

The `helper-scripts` repo needs to be cloned somewhere locally and its X509 scripts made available in the PATH:

```shell
$ git clone https://baltig.infn.it/mw-devel/helper-scripts.git
$ PATH=$(pwd)/helper-scripts/x509-scripts/scripts:$PATH
```

Then, to setup, just run:

```shell
$(cd t && ./setup.sh)
```

### Running Tests

To run the tests made available in `t` just type

```shell
$ prove
```

from `t`'s parent directory.

The `prove` command creates a directory called `servroot` in `t`, so if the `t` folder is accessible read-only, for
example in a docker container, just make a copy somewhere else and run the tests from there:

```shell
cp -r t /tmp
cd /tmp
prove
```

Note: the alert below is unavoidable, but it doesn't affect the tests.

```
[alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
```

### Testing directly the Nginx server

You can reuse the config file `t/servroot/conf/nginx.conf` produced by `test::Nginx`, which contains something like

```
...
http {
    ...
    client_body_temp_path /tmp/client_temp;
    proxy_temp_path       /tmp/proxy_temp_path;
    fastcgi_temp_path     /tmp/fastcgi_temp;
    uwsgi_temp_path       /tmp/uwsgi_temp;
    scgi_temp_path        /tmp/scgi_temp;
    server {
        error_log logs/error.log debug;
        listen 8443 ssl;
        ssl_certificate ../../certs/star_test_example.cert.pem;
        ssl_certificate_key ../../certs/star_test_example.key.pem;
        ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
        ssl_verify_depth 10;
        ssl_verify_client on;
        location = / {
            default_type text/plain;
            return 200 "$voms_user";
        }
    }
    ...
}
```

You may want to change the configuration so that the log goes to standard output instead of to a log file:

```
server {
    error_log /dev/stdout debug;
    ...
```

Start nginx:

```shell
$ nginx -c conf/nginx.conf -p t/servroot/ -elogs/error.log
```

Modify (as root) `/etc/hosts` so that `nginx-voms.test.example` is an alias for `localhost`:

```
127.0.0.1	localhost nginx-voms.test.example
```

Then run for example `curl`, calling directly the HTTPS endpoint:

```shell
$ curl https://nginx-voms.test.example:8443 --cert t/certs/3.pem --capath t/trust-anchors --cacert t/certs/3.cert.pem
```