[add] TLS support on OSS environments, CI, Unit Tests and Flow Tests kick off for RLTest

Author: filipecosta90

.github/workflows/ci.yml

@@ -0,0 +1,123 @@
+name: CI
+
+on: [push, pull_request]
+
+jobs:
+  build-ubuntu:
+    strategy:
+      matrix:
+        platform: [ubuntu-latest, ubuntu-16.04]
+    runs-on: ${{ matrix.platform }}
+    steps:
+    - uses: actions/checkout@v2
+    - name: Install OpenSSL development libraries
+      run: sudo apt-get install -y libssl-dev
+
+    - name: Setup Python
+      uses: actions/setup-python@v1
+      with:
+        python-version: '3.6'
+
+    - name: Cache pip
+      uses: actions/cache@v1
+      with:
+        path: ~/.cache/pip # This path is specific to Ubuntu
+        # Look to see if there is a cache hit for the corresponding requirements file
+        key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }}
+        restore-keys: |
+          ${{ runner.os }}-pip-
+          ${{ runner.os }}-
+    - name: Install Python dependencies
+      run: pip install -r requirements.txt
+
+    - name: Install Redis Server test dependencies
+      run: |
+        git clone git://github.com/antirez/redis.git --branch unstable
+        cd redis
+        make BUILD_TLS=yes
+        ./utils/gen-test-certs.sh
+        ./src/redis-server --version
+        cd ..
+    - name: Unit Test with pytest
+      run: |
+        cd RLTest
+        pip install pytest
+        pytest
+        cd ..
+
+    - name: Install RLTest
+      run: |
+        pip3 install .
+
+    - name: Flow Test OSS TCP
+      run: |
+        cd tests
+        python3 -m RLTest --env oss -v --clear-logs --oss-redis-path ./../redis/src/redis-server
+        cd ..
+
+    - name: Flow Test OSS UNIX SOCKETS
+      run: |
+        cd tests
+        python3 -m RLTest --env oss -v --clear-logs --oss-redis-path ./../redis/src/redis-server
+        cd ..
+
+    - name: Flow Test OSS TCP SLAVES
+      run: |
+        cd tests
+        python3 -m RLTest --env oss -v --unix --clear-logs --oss-redis-path ./../redis/src/redis-server
+        cd ..
+
+    - name: Flow Test OSS-CLUSTER TCP
+      run: |
+        cd tests
+        python3 -m RLTest --env oss-cluster -v --clear-logs --shards-count 3 --oss-redis-path ./../redis/src/redis-server
+        cd ..
+
+    - name: Flow Test OSS TCP with TLS
+      run: |
+        cd tests
+        python3 -m RLTest --env oss -v --clear-logs \
+        --oss-redis-path ./../redis/src/redis-server \
+        --tls-cert-file ./../redis/tests/tls/redis.crt \
+        --tls-key-file ./../redis/tests/tls/redis.key \
+        --tls-ca-cert-file ./../redis/tests/tls/ca.crt \
+        --tls
+        cd ..
+
+    - name: Flow Test OSS-CLUSTER with TLS
+      run: |
+        cd tests
+        python3 -m RLTest --env oss-cluster --shards-count 3 -v --clear-logs \
+        --oss-redis-path ./../redis/src/redis-server \
+        --tls-cert-file ./../redis/tests/tls/redis.crt \
+        --tls-key-file ./../redis/tests/tls/redis.key \
+        --tls-ca-cert-file ./../redis/tests/tls/ca.crt \
+        --tls
+        cd ..
+
+    - name: Flow Test OSS-CLUSTER with SLAVES and TLS
+      run: |
+        cd tests
+        python3 -m RLTest --env oss-cluster --shards-count 3 --use-slaves -v --clear-logs \
+        --oss-redis-path ./../redis/src/redis-server \
+        --tls-cert-file ./../redis/tests/tls/redis.crt \
+        --tls-key-file ./../redis/tests/tls/redis.key \
+        --tls-ca-cert-file ./../redis/tests/tls/ca.crt \
+        --tls
+        cd ..
+
+    - name: Generate coverage report
+      run: |
+        cd RLTest
+        pip install pytest
+        pip install pytest-cov
+        pytest --cov=./ --cov-report=xml
+
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v1
+      with:
+        token: ${{ secrets.CODECOV_TOKEN }}
+        file: ./RLTest/coverage.xml
+        flags: unittests
+        name: codecov-umbrella
+        fail_ci_if_error: true

.gitignore

@@ -102,3 +102,6 @@ venv.bak/
 
 # mypy
 .mypy_cache/
+
+# Covers JetBrains PyCharm
+.idea

README.md

@@ -1,10 +1,13 @@
 # RLTest
+![CI](https://github.com/RedisLabsModules/RLTest/workflows/CI/badge.svg)
+
 Redis Labs Test Framework, allow to run tests on redis and modules on verity of environments.
 
 Supported Environment: oss, oss-cluster, enterprise, enterprise-cluster
 
 The framework allow you to write a test without environment specification and then run the test on all supported environment.
 
+
 # Install
 ```
 $ pip install git+https://github.com/RedisLabsModules/RLTest.git@master

RLTest/__main__.py

@@ -250,6 +250,17 @@ def do_normal_conn(self, line):
     '--collect-only', action='store_true',
     help='Collect the tests and exit')
 
+parser.add_argument('--tls', help='Enable TLS Support and disable the non-TLS port completely. TLS connections will be available at the default non-TLS ports.',
+                    default=False, action='store_true')
+
+parser.add_argument(
+    '--tls-cert-file', default=None, help='/path/to/redis.crt')
+
+parser.add_argument(
+    '--tls-key-file', default=None, help='/path/to/redis.key')
+
+parser.add_argument(
+    '--tls-ca-cert-file', default=None, help='/path/to/ca.crt')
 
 class EnvScopeGuard:
     def __init__(self, runner):
@@ -354,6 +365,10 @@ def __init__(self):
         Defaults.external_addr = self.args.existing_env_addr
         Defaults.use_unix = self.args.unix
         Defaults.randomize_ports = self.args.randomize_ports
+        Defaults.use_TLS = self.args.tls
+        Defaults.tls_cert_file = self.args.tls_cert_file
+        Defaults.tls_key_file = self.args.tls_key_file
+        Defaults.tls_ca_cert_file = self.args.tls_ca_cert_file
         if Defaults.use_unix and Defaults.use_slaves:
             raise Exception('Cannot use unix sockets with slaves')
 

RLTest/env.py

@@ -107,6 +107,10 @@ class Defaults:
     re_binary = None
     re_libdir = None
     use_aof = False
+    use_TLS = False
+    tls_cert_file = None
+    tls_key_file = None
+    tls_ca_cert_file = None
     debugger = None
     debug_print = False
     debug_pause = False
@@ -135,7 +139,7 @@ def compareEnvs(self, env):
 
     def __init__(self, testName=None, testDescription=None, module=None,
                  moduleArgs=None, env=None, useSlaves=None, shardsCount=None,
-                 useAof=None, forceTcp=False):
+                 useAof=None, forceTcp=False, useTLS=False, tlsCertFile=None, tlsKeyFile=None, tlsCaCertFile=None ):
         self.testName = testName if testName else '%s.%s' % (inspect.getmodule(inspect.currentframe().f_back).__name__, inspect.currentframe().f_back.f_code.co_name)
         self.testName = self.testName.replace(' ', '_')
 
@@ -152,6 +156,10 @@ def __init__(self, testName=None, testDescription=None, module=None,
         self.logDir = Defaults.logdir
         self.forceTcp = forceTcp
         self.debugger = Defaults.debugger
+        self.useTLS = useTLS if useTLS else Defaults.use_TLS
+        self.tlsCertFile = tlsCertFile if tlsCertFile else Defaults.tls_cert_file
+        self.tlsKeyFile = tlsKeyFile if tlsKeyFile else Defaults.tls_key_file
+        self.tlsCaCertFile = tlsCaCertFile if tlsCaCertFile else Defaults.tls_ca_cert_file
 
         self.assertionFailedSummary = []
 
@@ -187,7 +195,11 @@ def getEnvByName(self):
             'dbDirPath': self.logDir,
             'debugger': Defaults.debugger,
             'noCatch': Defaults.no_capture_output,
-            'verbose' : Defaults.verbose
+            'verbose' : Defaults.verbose,
+            'useTLS': self.useTLS,
+            'tlsCertFile': self.tlsCertFile,
+            'tlsKeyFile' : self.tlsKeyFile,
+            'tlsCaCertFile' : self.tlsCaCertFile,
         }
 
         single_args = {}

RLTest/redis_cluster.py

@@ -1,6 +1,5 @@
 from __future__ import print_function
 from .redis_std import StandardEnv
-import redis
 import rediscluster
 import time
 from RLTest.utils import Colors
@@ -14,6 +13,7 @@ def __init__(self, **kwargs):
         self.moduleArgs = kwargs['moduleArgs']
         self.shardsCount = kwargs.pop('shardsCount')
         useSlaves = kwargs.get('useSlaves', False)
+        self.useTLS = kwargs['useTLS']
         startPort = 20000
         totalRedises = self.shardsCount * (2 if useSlaves else 1)
         randomizePorts = kwargs.pop('randomizePorts', False)
@@ -97,8 +97,19 @@ def getConnection(self, shardId=1):
         return self.shards[shardId - 1].getConnection()
 
     def getClusterConnection(self):
-        return rediscluster.RedisCluster(startup_nodes=[{'host': 'localhost', 'port': self.shards[0].getMasterPort()}],
-                                         decode_responses=True)
+        if self.useTLS:
+            return rediscluster.RedisCluster(startup_nodes=[{'host': 'localhost', 'port': self.shards[0].getMasterPort()}],
+                decode_responses=True,
+                ssl=self.useTLS,
+                ssl_keyfile=self.shards[0].getTLSKeyFile(),
+                ssl_certfile=self.shards[0].getTLSCertFile(),
+                ssl_cert_reqs='required',
+                ssl_ca_certs=self.shards[0].getTLSCACertFile(),
+                )
+        else:
+            return rediscluster.RedisCluster(
+                startup_nodes=[{'host': 'localhost', 'port': self.shards[0].getMasterPort()}],
+                decode_responses=True )
 
     def getSlaveConnection(self):
         raise Exception('unsupported')
@@ -152,6 +163,9 @@ def isUnixSocket(self):
     def isTcp(self):
         return True
 
+    def isTLS(self):
+        return self.useTLS
+
     def exists(self, val):
         return self.getClusterConnection().exists(val)
 

RLTest/redis_std.py

@@ -15,7 +15,7 @@
 class StandardEnv(object):
     def __init__(self, redisBinaryPath, port=6379, modulePath=None, moduleArgs=None, outputFilesFormat=None,
                  dbDirPath=None, useSlaves=False, serverId=1, password=None, libPath=None, clusterEnabled=False,
-                 useAof=False, debugger=None, noCatch=False, unix=False, verbose=False):
+                 useAof=False, debugger=None, noCatch=False, unix=False, verbose=False, useTLS=False, tlsCertFile=None, tlsKeyFile=None, tlsCaCertFile=None ):
         self.uuid = uuid.uuid4().hex
         self.redisBinaryPath = os.path.expanduser(redisBinaryPath) if redisBinaryPath.startswith('~/') else redisBinaryPath
         self.modulePath = os.path.abspath(modulePath) if modulePath else None
@@ -38,6 +38,10 @@ def __init__(self, redisBinaryPath, port=6379, modulePath=None, moduleArgs=None,
         self.slaveExitCode = None
         self.verbose = verbose
         self.role = MASTER
+        self.useTLS = useTLS
+        self.tlsCertFile = tlsCertFile
+        self.tlsKeyFile = tlsKeyFile
+        self.tlsCaCertFile = tlsCaCertFile
 
         if port > 0:
             self.port = port
@@ -57,6 +61,22 @@ def __init__(self, redisBinaryPath, port=6379, modulePath=None, moduleArgs=None,
         if self.has_interactive_debugger:
             assert self.noCatch and not self.useSlaves and not self.clusterEnabled
 
+        if self.useTLS:
+            if self.useUnix:
+                raise ValueError('Unix sockets cannot be used with TLS enabled mode')
+            if self.tlsCertFile is None:
+                raise ValueError('When useTLS option is True tlsCertFile must be defined')
+            if os.path.isfile(self.tlsCertFile) is False:
+                raise ValueError('When useTLS option is True tlsCertFile must exist. specified path {}'.format(self.tlsCertFile))
+            if self.tlsKeyFile is None:
+                raise ValueError('When useTLS option is True tlsKeyFile must be defined')
+            if os.path.isfile(self.tlsKeyFile) is False:
+                raise ValueError('When useTLS option is True tlsKeyFile must exist. specified path {}'.format(self.tlsKeyFile))
+            if self.tlsCaCertFile is None:
+                raise ValueError('When useTLS option is True tlsCaCertFile must be defined')
+            if os.path.isfile(self.tlsCaCertFile) is False:
+                raise ValueError('When useTLS option is True tlsCaCertFile must exist. specified path {}'.format(self.tlsCaCertFile))
+
         if libPath:
             self.libPath = os.path.expanduser(libPath) if libPath.startswith('~/') else libPath
         else:
@@ -88,6 +108,15 @@ def getUnixPath(self, role):
         basename = '{}-{}.sock'.format(self.uuid, role)
         return os.path.abspath(os.path.join(self.dbDirPath, basename))
 
+    def getTLSCertFile(self):
+        return os.path.abspath(self.tlsCertFile)
+
+    def getTLSKeyFile(self):
+        return os.path.abspath(self.tlsKeyFile)
+
+    def getTLSCACertFile(self):
+        return os.path.abspath(self.tlsCaCertFile)
+
     @property
     def has_interactive_debugger(self):
         return self.debugger and self.debugger.is_interactive
@@ -98,8 +127,11 @@ def createCmdArgs(self, role):
             cmdArgs += self.debugger.generate_command(self._getVlgrindFilePath(role) if not self.noCatch else None)
 
         cmdArgs += [self.redisBinaryPath]
-        if self.port > -1:
-            cmdArgs += ['--port', str(self.getPort(role))]
+        if self.port > -1 :
+            if self.useTLS:
+                cmdArgs += ['--port', str(0), '--tls-port', str(self.getPort(role))]
+            else:
+                cmdArgs += ['--port', str(self.getPort(role))]
         else:
             cmdArgs += ['--port', str(0), '--unixsocket', self.getUnixPath(role)]
         if self.modulePath:
@@ -121,11 +153,18 @@ def createCmdArgs(self, role):
         if self.clusterEnabled and role is not SLAVE:
             cmdArgs += ['--cluster-enabled', 'yes', '--cluster-config-file', self._getFileName(role, '.cluster.conf'),
                         '--cluster-node-timeout', '5000']
+            if self.useTLS:
+                cmdArgs += ['--tls-cluster', 'yes']
         if self.useAof:
             cmdArgs += ['--appendonly yes']
             cmdArgs += ['--appendfilename', self._getFileName(role, '.aof')]
             cmdArgs += ['--aof-use-rdb-preamble', 'yes']
 
+        if self.useTLS:
+            cmdArgs += ['--tls-cert-file', self.getTLSCertFile()]
+            cmdArgs += ['--tls-key-file', self.getTLSKeyFile()]
+            cmdArgs += ['--tls-ca-cert-file', self.getTLSCACertFile()]
+
         return cmdArgs
 
     def waitForRedisToStart(self, con):
@@ -160,6 +199,10 @@ def _printEnvData(self, prefix='', role=MASTER):
             print(Colors.Yellow(prefix + 'db dir path: %s' % (self.dbDirPath)))
         if self.libPath:
             print(Colors.Yellow(prefix + 'library path: %s' % (self.libPath)))
+        if self.useTLS:
+            print(Colors.Yellow(prefix + 'TLS Cert File: %s' % (self.getTLSCertFile())))
+            print(Colors.Yellow(prefix + 'TLS Key File: %s' % (self.getTLSKeyFile())))
+            print(Colors.Yellow(prefix + 'TLS CA Cert File: %s' % (self.getTLSCACertFile())))
 
     def printEnvData(self, prefix=''):
         print(Colors.Yellow(prefix + 'master:'))
@@ -258,6 +301,15 @@ def _getConnection(self, role):
         if self.useUnix:
             return redis.StrictRedis(unix_socket_path=self.getUnixPath(role),
                                      password=self.password)
+        elif self.useTLS:
+            return redis.StrictRedis('localhost', self.getPort(role),
+                                     password=self.password,
+                                     ssl=self.useTLS,
+                                     ssl_keyfile=self.getTLSKeyFile(),
+                                     ssl_certfile=self.getTLSCertFile(),
+                                     ssl_cert_reqs='required',
+                                     ssl_ca_certs=self.getTLSCACertFile(),
+                                     )
         else:
             return redis.StrictRedis('localhost', self.getPort(role),
                                      password=self.password)
@@ -347,6 +399,9 @@ def isUnixSocket(self):
     def isTcp(self):
         return not(self.useUnix)
 
+    def isTLS(self):
+        return self.useTLS
+
     def exists(self, val):
         return self.getConnection().exists(val)