certbot/certbot-nginx/certbot_nginx/tests/util.py

"""Common utilities for certbot_nginx."""
import copy
import shutil
import tempfile
import unittest
import warnings

import josepy as jose
import mock
import pkg_resources
import zope.component

from certbot import configuration
from certbot.compat import os
from certbot.plugins import common
from certbot.tests import util as test_util

from certbot_nginx import configurator
from certbot_nginx import nginxparser


class NginxTest(unittest.TestCase):  # pylint: disable=too-few-public-methods

    def setUp(self):
        super(NginxTest, self).setUp()

        self.temp_dir, self.config_dir, self.work_dir = common.dir_setup(
            "etc_nginx", "certbot_nginx.tests")
        self.logs_dir = tempfile.mkdtemp('logs')

        self.config_path = os.path.join(self.temp_dir, "etc_nginx")

        self.rsa512jwk = jose.JWKRSA.load(test_util.load_vector(
            "rsa512_key.pem"))

    def tearDown(self):
        # On Windows we have various files which are not correctly closed at the time of tearDown.
        # For know, we log them until a proper file close handling is written.
        # Useful for development only, so no warning when we are on a CI process.
        def onerror_handler(_, path, excinfo):
            """On error handler"""
            if not os.environ.get('APPVEYOR'):  # pragma: no cover
                message = ('Following error occurred when deleting path {0}'
                           'during tearDown process: {1}'.format(path, str(excinfo)))
                warnings.warn(message)

        shutil.rmtree(self.temp_dir, onerror=onerror_handler)
        shutil.rmtree(self.config_dir, onerror=onerror_handler)
        shutil.rmtree(self.work_dir, onerror=onerror_handler)
        shutil.rmtree(self.logs_dir, onerror=onerror_handler)


def get_data_filename(filename):
    """Gets the filename of a test data file."""
    return pkg_resources.resource_filename(
        "certbot_nginx.tests", os.path.join(
            "testdata", "etc_nginx", filename))


def get_nginx_configurator(
        config_path, config_dir, work_dir, logs_dir, version=(1, 6, 2)):
    """Create an Nginx Configurator with the specified options."""

    backups = os.path.join(work_dir, "backups")

    with mock.patch("certbot_nginx.configurator.NginxConfigurator."
                    "config_test"):
        with mock.patch("certbot_nginx.configurator.util."
                        "exe_exists") as mock_exe_exists:
            mock_exe_exists.return_value = True
            config = configurator.NginxConfigurator(
                config=mock.MagicMock(
                    nginx_server_root=config_path,
                    le_vhost_ext="-le-ssl.conf",
                    config_dir=config_dir,
                    work_dir=work_dir,
                    logs_dir=logs_dir,
                    backup_dir=backups,
                    temp_checkpoint_dir=os.path.join(work_dir, "temp_checkpoints"),
                    in_progress_dir=os.path.join(backups, "IN_PROGRESS"),
                    server="https://acme-server.org:443/new",
                    http01_port=80,
                    https_port=5001,
                ),
                name="nginx",
                version=version)
            config.prepare()

    # Provide general config utility.
    nsconfig = configuration.NamespaceConfig(config.config)
    zope.component.provideUtility(nsconfig)

    return config


def filter_comments(tree):
    """Filter comment nodes from parsed configurations."""

    def traverse(tree):
        """Generator dropping comment nodes"""
        for entry in tree:
            # key, values = entry
            spaceless = [e for e in entry if not nginxparser.spacey(e)]
            if spaceless:
                key = spaceless[0]
                values = spaceless[1] if len(spaceless) > 1 else None
            else:
                key = values = ""
            if isinstance(key, list):
                new = copy.deepcopy(entry)
                new[1] = filter_comments(values)
                yield new
            else:
                if key != '#' and spaceless:
                    yield spaceless

    return list(traverse(tree))


def contains_at_depth(haystack, needle, n):
    """Is the needle in haystack at depth n?

    Return true if the needle is present in one of the sub-iterables in haystack
    at depth n. Haystack must be an iterable.
    """
    # Specifically use hasattr rather than isinstance(..., collections.Iterable)
    # because we want to include lists but reject strings.
    if not hasattr(haystack, '__iter__') or hasattr(haystack, 'strip'):
        return False
    if n == 0:
        return needle in haystack
    for item in haystack:
        if contains_at_depth(item, needle, n - 1):
            return True
    return False
s/letsencrypt/certbot letsencrypt-nginx tests 2016-04-13 19:45:54 -04:00			`"""Common utilities for certbot_nginx."""`
Fix TLS_SNI & associated tests 2016-06-18 17:52:07 -04:00			`import copy`
Update to Pylint 1.9.4 and corrections 2019-04-02 16:48:22 -04:00			`import shutil`
Python 3 compatibility for all tests (#4358) 2017-03-17 16:10:02 -04:00			`import tempfile`
start adding nginx stubs 2015-03-23 13:53:44 -04:00			`import unittest`
[Windows] Working unit tests for certbot-nginx (#6782) This PR fixes certbot-nginx and relevant tests to make them succeed on Windows. Next step will be to enable integration tests through certbot-ci in a future PR. * Fix tests and incompabilities in certbot-nginx for Windows * Fix lint, fix oldest local dependencies 2019-02-20 19:20:16 -05:00			`import warnings`
start adding nginx stubs 2015-03-23 13:53:44 -04:00
Use josepy instead of acme.jose. (#5203) 2017-12-11 14:25:09 -05:00			`import josepy as jose`
start adding nginx stubs 2015-03-23 13:53:44 -04:00			`import mock`
Update to Pylint 1.9.4 and corrections 2019-04-02 16:48:22 -04:00			`import pkg_resources`
Ensure test cases have a config singleton 2015-09-16 19:49:39 -04:00			`import zope.component`
start adding nginx stubs 2015-03-23 13:53:44 -04:00
s/letsencrypt/certbot letsencrypt-nginx tests 2016-04-13 19:45:54 -04:00			`from certbot import configuration`
[Windows] Security model for files permissions - STEP 2 (#6895) This PR is the second part of #6497 to ease the integration, following the new plan propose by @bmw here: #6497 (comment) This PR creates the module certbot.compat.os, that delegates everything to os, and that will be the safeguard against problematic methods of the standard module. On top of that, a quality check wrapper is called in the lint tox environment. This wrapper calls pylint and ensures that standard os module is no used directly in the certbot codebase. Finally local oldest requirements are updated to ensure that tests will take the new logic when running. * Add executable permissions * Add the delegate certbot.compat.os module, add check coding style to enforce usage of certbot.compat.os instead of standard os * Load certbot.compat.os instead of os * Move existing compat test * Update local oldest requirements * Import sys * Update account_test.py * Update os.py * Update os.py * Update local oldest requirements * Implement the new linter_plugin * Fix local oldest for nginx * Remove check coding style * Update linter_plugin.py * Add several comments * Update the setup.py * Add documentation * Update acme dependencies * Update certbot/compat/os.py * Update docs/contributing.rst * Update linter_plugin.py * Handle os.path. Simplify checker. * Add a comment to a reference implementation * Update changelog * Fix module registering * Update docs/contributing.rst * Update config and changelog 2019-04-12 16:32:52 -04:00			`from certbot.compat import os`
s/letsencrypt/certbot letsencrypt-nginx tests 2016-04-13 19:45:54 -04:00			`from certbot.plugins import common`
Update to Pylint 1.9.4 and corrections 2019-04-02 16:48:22 -04:00			`from certbot.tests import util as test_util`
Remove a bit of nginx code dedup from apache 2015-05-04 11:33:53 -04:00
s/letsencrypt/certbot letsencrypt-nginx tests 2016-04-13 19:45:54 -04:00			`from certbot_nginx import configurator`
Fix tests 2016-07-14 21:15:01 -04:00			`from certbot_nginx import nginxparser`
start adding nginx stubs 2015-03-23 13:53:44 -04:00

			`class NginxTest(unittest.TestCase): # pylint: disable=too-few-public-methods`

			`def setUp(self):`
			`super(NginxTest, self).setUp()`

letsencrypt_nginx should not depend on letsencrypt_apache. 2015-06-02 09:55:16 -04:00			`self.temp_dir, self.config_dir, self.work_dir = common.dir_setup(`
s/letsencrypt/certbot letsencrypt-nginx tests 2016-04-13 19:45:54 -04:00			`"etc_nginx", "certbot_nginx.tests")`
Python 3 compatibility for all tests (#4358) 2017-03-17 16:10:02 -04:00			`self.logs_dir = tempfile.mkdtemp('logs')`
start adding nginx stubs 2015-03-23 13:53:44 -04:00
Remove a bit of nginx code dedup from apache 2015-05-04 11:33:53 -04:00			`self.config_path = os.path.join(self.temp_dir, "etc_nginx")`
start adding nginx stubs 2015-03-23 13:53:44 -04:00
Fixed unit tests and lint 2015-08-05 18:39:31 -04:00			`self.rsa512jwk = jose.JWKRSA.load(test_util.load_vector(`
			`"rsa512_key.pem"))`
Update nginxparser test, remove other tests for now 2015-04-06 14:24:03 -04:00
[Windows] Working unit tests for certbot-nginx (#6782) This PR fixes certbot-nginx and relevant tests to make them succeed on Windows. Next step will be to enable integration tests through certbot-ci in a future PR. * Fix tests and incompabilities in certbot-nginx for Windows * Fix lint, fix oldest local dependencies 2019-02-20 19:20:16 -05:00			`def tearDown(self):`
			`# On Windows we have various files which are not correctly closed at the time of tearDown.`
			`# For know, we log them until a proper file close handling is written.`
			`# Useful for development only, so no warning when we are on a CI process.`
			`def onerror_handler(_, path, excinfo):`
			`"""On error handler"""`
			`if not os.environ.get('APPVEYOR'): # pragma: no cover`
			`message = ('Following error occurred when deleting path {0}'`
			`'during tearDown process: {1}'.format(path, str(excinfo)))`
			`warnings.warn(message)`

			`shutil.rmtree(self.temp_dir, onerror=onerror_handler)`
			`shutil.rmtree(self.config_dir, onerror=onerror_handler)`
			`shutil.rmtree(self.work_dir, onerror=onerror_handler)`
			`shutil.rmtree(self.logs_dir, onerror=onerror_handler)`

Update nginxparser test, remove other tests for now 2015-04-06 14:24:03 -04:00
			`def get_data_filename(filename):`
Fix most pylint errors 2015-04-17 20:05:00 -04:00			`"""Gets the filename of a test data file."""`
Update nginxparser test, remove other tests for now 2015-04-06 14:24:03 -04:00			`return pkg_resources.resource_filename(`
s/letsencrypt/certbot letsencrypt-nginx tests 2016-04-13 19:45:54 -04:00			`"certbot_nginx.tests", os.path.join(`
Remove a bit of nginx code dedup from apache 2015-05-04 11:33:53 -04:00			`"testdata", "etc_nginx", filename))`
start adding nginx stubs 2015-03-23 13:53:44 -04:00

			`def get_nginx_configurator(`
Python 3 compatibility for all tests (#4358) 2017-03-17 16:10:02 -04:00			`config_path, config_dir, work_dir, logs_dir, version=(1, 6, 2)):`
start adding nginx stubs 2015-03-23 13:53:44 -04:00			`"""Create an Nginx Configurator with the specified options."""`

			`backups = os.path.join(work_dir, "backups")`

s/letsencrypt/certbot letsencrypt-nginx tests 2016-04-13 19:45:54 -04:00			`with mock.patch("certbot_nginx.configurator.NginxConfigurator."`
enable config_test in configurator prepare 2016-01-13 14:05:22 -05:00			`"config_test"):`
Catch more le_util in certbot-nginx 2016-05-26 16:51:56 -04:00			`with mock.patch("certbot_nginx.configurator.util."`
enable config_test in configurator prepare 2016-01-13 14:05:22 -05:00			`"exe_exists") as mock_exe_exists:`
			`mock_exe_exists.return_value = True`
			`config = configurator.NginxConfigurator(`
			`config=mock.MagicMock(`
			`nginx_server_root=config_path,`
			`le_vhost_ext="-le-ssl.conf",`
			`config_dir=config_dir,`
			`work_dir=work_dir,`
Python 3 compatibility for all tests (#4358) 2017-03-17 16:10:02 -04:00			`logs_dir=logs_dir,`
enable config_test in configurator prepare 2016-01-13 14:05:22 -05:00			`backup_dir=backups,`
			`temp_checkpoint_dir=os.path.join(work_dir, "temp_checkpoints"),`
			`in_progress_dir=os.path.join(backups, "IN_PROGRESS"),`
			`server="https://acme-server.org:443/new",`
Remove tls sni in nginx plugin (#6857) * Remove tls-sni from nginx config * Add a dedicated configuration to define what is the HTTPS port for this certbot instance. * Correct some tests * Reestablish default vhost creation * Clean tls references for nginx integration tests * Associate https_port only to tests and nginx 2019-03-18 13:22:19 -04:00			`http01_port=80,`
Remove tls-sni related flags in cli. Add a deprecation warning instead. (#6853) This PR is a part of the tls-sni-01 removal plan described in #6849. This PR removes --tls-sni-01-port, --tls-sni-01-address and tls-sni-01/tls-sni options from --preferred-challenges. They are replace by deprecation warning, indicating that these options will be removed soon. This deprecation, instead of complete removal, is done to avoid certbot instances to hard fail if some automated scripts still use these flags for some users. Once this PR lands, we can remove completely theses flags in one or two release. * Remove tls-sni related flags in cli. Add a deprecation warning instead. * Adapt tests to cli and renewal towards tls-sni flags deprecation * Add https_port option. Make tls_sni_01_port show a deprecation warning, but silently modify https_port if set * Migrate last items * Fix lint * Update certbot/cli.py Co-Authored-By: adferrand <adferrand@users.noreply.github.com> * Ensure to remove all occurences of tls-sni-01 * Remove unused parameter * Revert modifications on cli-help.txt * Use logger.warning instead of sys.stderr * Update the logger warning message * Remove standalone_supported_challenges option. * Fix order of preferred-challenges * Remove supported_challenges property * Fix some tests * Fix lint * Fix tests * Add a changelog * Clean code, fix test * Update CI * Reload * No hard date for tls-sni removal * Remove useless cast to list * Update certbot/tests/renewal_test.py Co-Authored-By: adferrand <adferrand@users.noreply.github.com> * Add entry to the changelog * Add entry to the changelog 2019-03-26 20:46:32 -04:00			`https_port=5001,`
enable config_test in configurator prepare 2016-01-13 14:05:22 -05:00			`),`
			`name="nginx",`
			`version=version)`
			`config.prepare()`
Rework config utility 2015-09-16 21:52:11 -04:00
			`# Provide general config utility.`
			`nsconfig = configuration.NamespaceConfig(config.config)`
client and nginx configs are not the same thing... 2015-09-16 19:58:51 -04:00			`zope.component.provideUtility(nsconfig)`
Rework config utility 2015-09-16 21:52:11 -04:00
start adding nginx stubs 2015-03-23 13:53:44 -04:00			`return config`
Do not silently truncate nginx config files 2015-07-10 16:54:54 -04:00

			`def filter_comments(tree):`
			`"""Filter comment nodes from parsed configurations."""`

			`def traverse(tree):`
			`"""Generator dropping comment nodes"""`
Fix TLS_SNI & associated tests 2016-06-18 17:52:07 -04:00			`for entry in tree:`
Fix tests 2016-07-14 21:15:01 -04:00			`# key, values = entry`
			`spaceless = [e for e in entry if not nginxparser.spacey(e)]`
			`if spaceless:`
			`key = spaceless[0]`
			`values = spaceless[1] if len(spaceless) > 1 else None`
			`else:`
			`key = values = ""`
Do not silently truncate nginx config files 2015-07-10 16:54:54 -04:00			`if isinstance(key, list):`
Fix TLS_SNI & associated tests 2016-06-18 17:52:07 -04:00			`new = copy.deepcopy(entry)`
			`new[1] = filter_comments(values)`
			`yield new`
Do not silently truncate nginx config files 2015-07-10 16:54:54 -04:00			`else:`
Fix tests 2016-07-14 21:15:01 -04:00			`if key != '#' and spaceless:`
			`yield spaceless`
Do not silently truncate nginx config files 2015-07-10 16:54:54 -04:00
			`return list(traverse(tree))`
Nginx improvements Add a server_names_hash_bucket_size directive during challenges to fix an nginx crash on restart (Fixes #922). Use fullchain instead of chain (Fixes #610). Implement OCSP stapling (Fixes #937, Fixes #931). Hide Boulder output in integration tests to make them more readable. 2015-10-11 13:20:08 -04:00
Respond to review feedback. 2015-10-11 14:28:39 -04:00
Nginx improvements Add a server_names_hash_bucket_size directive during challenges to fix an nginx crash on restart (Fixes #922). Use fullchain instead of chain (Fixes #610). Implement OCSP stapling (Fixes #937, Fixes #931). Hide Boulder output in integration tests to make them more readable. 2015-10-11 13:20:08 -04:00			`def contains_at_depth(haystack, needle, n):`
Respond to review feedback. 2015-10-11 14:28:39 -04:00			`"""Is the needle in haystack at depth n?`

Nginx improvements Add a server_names_hash_bucket_size directive during challenges to fix an nginx crash on restart (Fixes #922). Use fullchain instead of chain (Fixes #610). Implement OCSP stapling (Fixes #937, Fixes #931). Hide Boulder output in integration tests to make them more readable. 2015-10-11 13:20:08 -04:00			`Return true if the needle is present in one of the sub-iterables in haystack`
			`at depth n. Haystack must be an iterable.`
			`"""`
Go back to hasattr and add a test. 2015-10-11 15:19:39 -04:00			`# Specifically use hasattr rather than isinstance(..., collections.Iterable)`
			`# because we want to include lists but reject strings.`
Python 3 compatibility for all tests (#4358) 2017-03-17 16:10:02 -04:00			`if not hasattr(haystack, '__iter__') or hasattr(haystack, 'strip'):`
Nginx improvements Add a server_names_hash_bucket_size directive during challenges to fix an nginx crash on restart (Fixes #922). Use fullchain instead of chain (Fixes #610). Implement OCSP stapling (Fixes #937, Fixes #931). Hide Boulder output in integration tests to make them more readable. 2015-10-11 13:20:08 -04:00			`return False`
			`if n == 0:`
			`return needle in haystack`
Fix Pylint upgrade issues * Remove unsupported pylint disable options * star-args removed in Pylint 1.4.3 * abstract-class-little-used removed in Pylint 1.4.3 * Fixes new lint errors * Copy dummy-variable-rgx expression to new ignored-argument-names expression to ignore unused funtion arguments * Notable changes * Refactor to satisfy Pylint no-else-return warning * Fix Pylint inconsistent-return-statements warning * Refactor to satisfy consider-iterating-dictionary * Remove methods with only super call to satisfy useless-super-delegation * Refactor too-many-nested-statements where possible * Suppress type checked errors where member is dynamically added (notably derived from josepy.JSONObjectWithFields) * Remove None default of func parameter for ExitHandler and ErrorHandler Resolves #5973 2018-05-14 12:33:30 -04:00			`for item in haystack:`
			`if contains_at_depth(item, needle, n - 1):`
			`return True`
			`return False`