Commit 668dbc0d authored by Killian Lufau's avatar Killian Lufau

demo: test HMAC initialization

Disabling the creation of a HMAC key when setting up a new network
allows to test that introduction of HMAC on a HMAC-less network works.
parent 7eff8b2e
...@@ -313,11 +313,22 @@ class testHMAC(Thread): ...@@ -313,11 +313,22 @@ class testHMAC(Thread):
m_net2 = ['registry2', 'm10'] m_net2 = ['registry2', 'm10']
print 'Testing HMAC, letting the time to machines to create tunnels...' print 'Testing HMAC, letting the time to machines to create tunnels...'
time.sleep(45) time.sleep(45)
print 'Check that the initial HMAC config is deployed on network 1' print 'Test that the HMAC initialization works...'
test_hmac.killRe6st('m4')
print 'Re6st on machine 4 is stopped'
time.sleep(5)
registry.screen('wget http://10.0.0.2/updateHMAC')
print 'Initialized HMAC (config= hmac1 & hmac2=\'\'), waiting...'
time.sleep(45)
new_node(machine4, 'm4', '-i%s' % m4_if_0.name,
None, 'http://%s/' % REGISTRY)
print 'Started re6st on machine 4, waiting for it to get new conf'
time.sleep(60)
print ('Check that all nodes now use HMAC, m4 should also be updated')
test_hmac.checkHMAC(reg1_db, m_net1) test_hmac.checkHMAC(reg1_db, m_net1)
print 'Test that a HMAC update works with nodes that are up' print 'Test that a HMAC update works with nodes that are up'
registry.screen('wget http://10.0.0.2/updateHMAC') registry.screen('wget http://10.0.0.2/updateHMAC')
print 'Updated HMAC (config = hmac0 & hmac1), waiting...' print 'Updated HMAC (config = hmac0), waiting...'
time.sleep(60) time.sleep(60)
print 'Checking HMAC on machines connected to registry 1...' print 'Checking HMAC on machines connected to registry 1...'
test_hmac.checkHMAC(reg1_db, m_net1) test_hmac.checkHMAC(reg1_db, m_net1)
...@@ -327,7 +338,7 @@ class testHMAC(Thread): ...@@ -327,7 +338,7 @@ class testHMAC(Thread):
print 'Re6st on machine 1 is stopped' print 'Re6st on machine 1 is stopped'
time.sleep(5) time.sleep(5)
registry.screen('wget http://10.0.0.2/updateHMAC') registry.screen('wget http://10.0.0.2/updateHMAC')
print 'Updated HMAC on registry (config = hmac1 & hmac2), waiting...' print 'Updated HMAC on registry (config = hmac0 & hmac1), waiting...'
time.sleep(60) time.sleep(60)
new_node(machine1, 'm1', '-I%s' % m1_if_0.name, new_node(machine1, 'm1', '-I%s' % m1_if_0.name,
None, 'http://%s/' % REGISTRY) None, 'http://%s/' % REGISTRY)
......
...@@ -35,6 +35,14 @@ def checkHMAC(db, machines): ...@@ -35,6 +35,14 @@ def checkHMAC(db, machines):
else: # state = hmac1 and hmac2 else: # state = hmac1 and hmac2
sign = 'babel_hmac1' sign = 'babel_hmac1'
accept = 'babel_hmac2' accept = 'babel_hmac2'
if hmac['babel_hmac1'] and hmac['babel_hmac2'] == '': # init
if('sign' not in p or
('no_hmac_verify true' not in p
and 'ignore_no_hmac' not in p) or
p.split('sign value ',1)[1].split()[0] != hmac[sign]):
rc = False
print 'HMAC config wrong in %s' % p
else:
if ('accept' not in p or if ('accept' not in p or
'sign' not in p or 'sign' not in p or
p.split('sign value ',1)[1].split()[0] != hmac[sign] or p.split('sign value ',1)[1].split()[0] != hmac[sign] or
......
...@@ -103,8 +103,6 @@ class RegistryServer(object): ...@@ -103,8 +103,6 @@ class RegistryServer(object):
if self.prefix: if self.prefix:
with self.db: with self.db:
self.updateNetworkConfig() self.updateNetworkConfig()
else:
self.newHMAC(0)
def getConfig(self, name, *default): def getConfig(self, name, *default):
r, = next(self.db.execute( r, = next(self.db.execute(
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment