Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • almalinux
  • 29-rebase-on-openresty-1-21-4-1
3 results
Compare
Forked from cnafsd / ngx_http_voms_module
165 commits behind the upstream repository.
Name Last commit Last update
..
certs
trust-anchors
vomsdir/test.vo
README.md
eec_cert.t
eec_chain.t
eec_subject.t
encoding.t
expired.t
expired_ac.t
no_ac.t
no_ssl.t
no_ta.t
ssl_log_voms_plain_http.t
ssl_no_client_authn.t
untrusted_ac.t
valid_ac.t
vomses
README.md

ngx_http_voms_module Testing

Description

Setup and files to test the ngx_http_voms_module are contained in the t folder. The Openresty data-driven testsuite has been adopted for testing.

Test fixture setup

All the certificates and proxy certificates used in the tests are in the certs folder (see that README for further details), while trust-anchors (e.g. igi-test-ca.pem) are in the trust-anchors folder.

vomses is the vomses file needed for the generation of proxy certificates.

The LSC file voms.example.lsc, needed to perform correctly the VOMS AC validation, is in the vomsdir/test.vo folder.

Running Tests

To run the tests made available in t just type

$ prove -v

from t' s parent directory.

The prove command creates a directory called servroot in t, so if the t folder is accessible read-only, for example in a docker container, just make a copy somewhere else and run the tests from there:

cp -r t /tmp
cd /tmp
prove -v

Test coverage

To enable test coverage pass the --coverage option to both the compiler and the linker. For example:

$ ./configure ${RESTY_CONFIG_OPTIONS} --add-module=../ngx_http_voms_module --with-debug --with-cc-opt="-g -Og --coverage" --with-ld-opt="--coverage"
$ make && make install

The above command generates data files aside the source files for all Nginx. To enable coverage only for ngx_http_voms_module the --coverage option should be passed only when compiling ngx_http_voms_module.cpp, adding the option to config.make.

Running the tests will then create other data files with coverage information. To view that information, run gcov <object file>, e.g. gcov .../objs/addon/src/ngx_http_voms_module.o. This will produce files with the .gcov extension in the current directory.

Testing directly the Nginx server

You can reuse the config file t/servroot/conf/nginx.conf produced by test::Nginx, which contains something like

server {
    listen 8443 ssl;
    server_name     nginx-voms.example;
    ssl_certificate ../../certs/nginx_voms_example.cert.pem;
    ssl_certificate_key ./certs/nginx_voms_example.key.pem;
    ssl_client_certificate ./trust-anchors/igi-test-ca.pem;
    ssl_verify_depth 10;
    ssl_verify_client on;
    location = / {
        echo user: $voms_user;
    }
}

You may want to change the configuration so that the log goes to standard output instead of to a log file:

server {
    error_log /dev/stdout debug;
    ...

Start nginx:

$ nginx -p t/servroot

Modify (as root) /etc/hosts so that nginx-voms.example is an alias for localhost:

127.0.0.1	localhost nginx-voms.example

Then run for example curl, calling directly the HTTPS endpoint:

$ curl https://nginx-voms.example:8443 --cert t/certs/3.pem --capath t/trust-anchors --cacert t/certs/3.cert.pem