forked from jupyterhub/the-littlest-jupyterhub
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtest_traefik.py
161 lines (139 loc) · 5.71 KB
/
test_traefik.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
"""Test traefik configuration"""
import os
import toml
import pytest
from tljh import config
from tljh import traefik
def test_download_traefik(tmpdir):
traefik_bin = tmpdir.mkdir("bin").join("traefik")
traefik.ensure_traefik_binary(str(tmpdir))
assert traefik_bin.exists()
# ignore higher-order permission bits, only verify ugo permissions
assert (traefik_bin.stat().mode & 0o777) == 0o755
def test_default_config(tmpdir, tljh_dir):
state_dir = tmpdir.mkdir("state")
traefik.ensure_traefik_config(str(state_dir))
assert state_dir.join("traefik.toml").exists()
traefik_toml = os.path.join(state_dir, "traefik.toml")
with open(traefik_toml) as f:
toml_cfg = f.read()
# print config for debugging on failure
print(config.CONFIG_FILE)
print(toml_cfg)
cfg = toml.loads(toml_cfg)
assert cfg["defaultEntryPoints"] == ["http"]
assert len(cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"]) == 1
# runtime generated entry, value not testable
cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"] = [""]
assert cfg["entryPoints"] == {
"http": {"address": ":80"},
"auth_api": {
"address": "127.0.0.1:8099",
"auth": {"basic": {"users": [""]}},
"whiteList": {"sourceRange": ["127.0.0.1"]},
},
}
def test_letsencrypt_config(tljh_dir):
state_dir = config.STATE_DIR
config.set_config_value(config.CONFIG_FILE, "https.enabled", True)
config.set_config_value(
config.CONFIG_FILE, "https.letsencrypt.email", "fake@jupyter.org"
)
config.set_config_value(
config.CONFIG_FILE, "https.letsencrypt.domains", ["testing.jovyan.org"]
)
traefik.ensure_traefik_config(str(state_dir))
traefik_toml = os.path.join(state_dir, "traefik.toml")
with open(traefik_toml) as f:
toml_cfg = f.read()
# print config for debugging on failure
print(config.CONFIG_FILE)
print(toml_cfg)
cfg = toml.loads(toml_cfg)
assert cfg["defaultEntryPoints"] == ["http", "https"]
assert "acme" in cfg
assert len(cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"]) == 1
# runtime generated entry, value not testable
cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"] = [""]
assert cfg["entryPoints"] == {
"http": {"address": ":80", "redirect": {"entryPoint": "https"}},
"https": {"address": ":443", "tls": {"minVersion": "VersionTLS12"}},
"auth_api": {
"address": "127.0.0.1:8099",
"auth": {"basic": {"users": [""]}},
"whiteList": {"sourceRange": ["127.0.0.1"]},
},
}
assert cfg["acme"] == {
"email": "fake@jupyter.org",
"storage": "acme.json",
"entryPoint": "https",
"httpChallenge": {"entryPoint": "http"},
"domains": [{"main": "testing.jovyan.org"}],
}
def test_manual_ssl_config(tljh_dir):
state_dir = config.STATE_DIR
config.set_config_value(config.CONFIG_FILE, "https.enabled", True)
config.set_config_value(config.CONFIG_FILE, "https.tls.key", "/path/to/ssl.key")
config.set_config_value(config.CONFIG_FILE, "https.tls.cert", "/path/to/ssl.cert")
traefik.ensure_traefik_config(str(state_dir))
traefik_toml = os.path.join(state_dir, "traefik.toml")
with open(traefik_toml) as f:
toml_cfg = f.read()
# print config for debugging on failure
print(config.CONFIG_FILE)
print(toml_cfg)
cfg = toml.loads(toml_cfg)
assert cfg["defaultEntryPoints"] == ["http", "https"]
assert "acme" not in cfg
assert len(cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"]) == 1
# runtime generated entry, value not testable
cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"] = [""]
assert cfg["entryPoints"] == {
"http": {"address": ":80", "redirect": {"entryPoint": "https"}},
"https": {
"address": ":443",
"tls": {
"minVersion": "VersionTLS12",
"certificates": [
{"certFile": "/path/to/ssl.cert", "keyFile": "/path/to/ssl.key"}
],
},
},
"auth_api": {
"address": "127.0.0.1:8099",
"auth": {"basic": {"users": [""]}},
"whiteList": {"sourceRange": ["127.0.0.1"]},
},
}
def test_extra_config(tmpdir, tljh_dir):
extra_config_dir = os.path.join(tljh_dir, config.CONFIG_DIR, "traefik_config.d")
state_dir = tmpdir.mkdir("state")
traefik_toml = os.path.join(state_dir, "traefik.toml")
# Generate default config
traefik.ensure_traefik_config(str(state_dir))
# Read the default config
toml_cfg = toml.load(traefik_toml)
# Make sure the defaults are what we expect
assert toml_cfg["logLevel"] == "INFO"
with pytest.raises(KeyError):
toml_cfg["checkNewVersion"]
assert toml_cfg["entryPoints"]["auth_api"]["address"] == "127.0.0.1:8099"
extra_config = {
# modify existing value
"logLevel": "ERROR",
# modify existing value with multiple levels
"entryPoints": {"auth_api": {"address": "127.0.0.1:9999"}},
# add new setting
"checkNewVersion": False,
}
with open(os.path.join(extra_config_dir, "extra.toml"), "w+") as extra_config_file:
toml.dump(extra_config, extra_config_file)
# Merge the extra config with the defaults
traefik.ensure_traefik_config(str(state_dir))
# Read back the merged config
toml_cfg = toml.load(traefik_toml)
# Check that the defaults were updated by the extra config
assert toml_cfg["logLevel"] == "ERROR"
assert toml_cfg["checkNewVersion"] == False
assert toml_cfg["entryPoints"]["auth_api"]["address"] == "127.0.0.1:9999"