summaryrefslogtreecommitdiff
path: root/smoketest/scripts/cli/test_service_https.py
AgeCommit message (Collapse)Author
2024-01-09https: T5902: remove virtual-host configurationChristian Breunig
We have not seen the adoption of the https virtual-host CLI option. What it did? * Create multiple webservers each listening on a different IP/port (but in the same VRF) * All webservers shared one common document root * All webservers shared the same SSL certificates * All webservers could have had individual allow-client configurations * API could be enabled for a particular virtual-host but was always enabled on the default host This configuration tried to provide a full webserver via the CLI but VyOS is a router and the Webserver is there for an API or to serve files for a local-ui. Changes Remove support for virtual-hosts as it's an incomplete and thus mostly useless "thing". Migrate all allow-client statements to one top-level allow statement.
2024-01-04configdict: T5894: add get_config_dict() flag with_pkiChristian Breunig
VyOS has several services relaying on the PKI CLI tree to retrieve certificates. Consuming services like ethernet, openvpn or ipsec all re-implemented the same code to retrieve the certificates from the CLI. This commit extends the signature of get_config_dict() with a new option with_pki that defaults to false. If this option is set, the PKI CLI tree will be blended into the resulting dictionary.
2023-12-09T5773: API add smoketest for load config via HTTP URLViacheslav Hletenko
Use a custom NGINX config to load config via URL
2023-11-26http-api: T5782: use single config-mode script for https and http-apiJohn Estabrook
2023-11-22Merge pull request #2522 from dmbaturin/require-api-keysChristian Breunig
https api: T5772: check if keys are configured unless PAM auth is enabled for GraphQL
2023-11-22https api: T5772: check if keys are configuredDaniil Baturin
unless PAM auth is enabled for GraphQL
2023-11-21http: T5762: rename "virtual-host listen-port" -> "virtual-host port"Christian Breunig
This complements commit f5e43b136 ("http: T5762: api: make API socket backend communication the one and only default") so we have a consistent port CLI node across VyOS components.
2023-11-20http: T5762: api: make API socket backend communication the one and only defaultChristian Breunig
Why: Smoketests fail as they can not establish IPv6 connection to uvicorn backend server. https://github.com/vyos/vyos-1x/pull/2481 added a bunch of new smoketests. While debugging those failing, it was uncovered, that uvicorn only listens on IPv4 connections vyos@vyos# netstat -tulnp | grep 8080 (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN - As the CLI already has an option to move the API communication from an IP to a UNIX domain socket, the best idea is to make this the default way of communication, as we never directly talk to the API server but rather use the NGINX reverse proxy.
2023-11-14smoketest: Extend HTTP-API testsViacheslav Hletenko
2023-07-14T5195: vyos.util -> vyos.utils package refactoring (#2093)Christian Breunig
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process * T5195: use read_file and write_file implementation from vyos.utils.file Changed code automatically using: find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} + find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} + * T5195: move chmod* helpers to vyos.utils.permission * T5195: use colon_separated_to_dict from vyos.utils.dict * T5195: move is_systemd_service_* to vyos.utils.process * T5195: fix boot issues with missing imports * T5195: move dict_search_* helpers to vyos.utils.dict * T5195: move network helpers to vyos.utils.network * T5195: move commit_* helpers to vyos.utils.commit * T5195: move user I/O helpers to vyos.utils.io
2023-03-01graphql: T5040: adjust smoketest for nullable keyJohn Estabrook
Since 'key' field is no longer required, a missing key will register an error in the resolver, instead of being rejected as bad request.
2022-10-25graphql: T4574: extend smoketest for token authenticationJohn Estabrook
2022-10-21graphql: T4768: change name of api child node from 'gql' to 'graphql'John Estabrook
2022-07-24graphql: T3993: add smoketest for GraphQL key authorizationJohn Estabrook
2022-04-26smoketest: http: add decorator to suppress warnings locallyJohn Estabrook
2022-04-07smoketest: http: add check for missing keyJohn Estabrook
2022-04-07smoketest: http: bind http api to unix domain socketJohn Estabrook
2022-04-06smoketest: http: test API authenticationChristian Poessinger
2022-04-06smoketest: http: verify nginx config fileChristian Poessinger
2021-11-21smoketest: remove superfluous ConfigSession importChristian Poessinger
2021-07-22pki: https: T3642: Migrate HTTPS to use PKI configurationsarthurdev
2021-03-17smoketest: add shim for every test to re-use common tastsChristian Poessinger
Currently every smoketest does the setup and destruction of the configsession on its own durin setUp(). This creates a lot of overhead and one configsession should be re-used during execution of every smoketest script. In addiion a test that failed will leaf the system in an unconsistent state. For this reason before the test is executed we will save the running config to /tmp and the will re-load the config after the test has passed, always ensuring a clean environment for the next test.
2020-12-29smoketest: run all tests with verbosity=2Christian Poessinger
2020-08-30https: add simple smoketest to check nginx config integrityJohn Estabrook