upstream/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-04-15 22:20:28 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
certbot/certbot-nginx/tests/parser_test.py

538 lines
24 KiB
Python
Raw Normal View History

Make the contents of the nginx plugin private (#7589) Part of #5775. * Create _internal folder certbot-nginx * Move configurator.py to _internal * Move constants.py to _internal * Move display_ops.py to _internal * Move http_01.py to _internal * Move nginxparser.py to _internal * Move obj.py to _internal * Move parser_obj.py to _internal * Move parser.py to _internal * Update location and references for tls_configs * exclude parser_obj from coverage
2019-11-25 17:30:24 -05:00
"""Tests for certbot_nginx._internal.parser."""
Add method and test for dumping nginx configs
2015-04-07 19:22:34 -04:00
import glob
Add test for nginx name matching
2015-04-14 01:57:06 -04:00
import re
Add test for recursive file parsing
2015-04-07 17:57:37 -04:00
import shutil
import unittest
Added missing from typing imports. (#8724)
2021-03-23 16:33:47 -04:00
from typing import List
Add test for recursive file parsing
2015-04-07 17:57:37 -04:00
s/letsencrypt/certbot letsencrypt-nginx tests
2016-04-13 19:45:54 -04:00
from certbot import errors
[Windows] Security model for files permissions - STEP 2 (#6895) This PR is the second part of #6497 to ease the integration, following the new plan propose by @bmw here: #6497 (comment) This PR creates the module certbot.compat.os, that delegates everything to os, and that will be the safeguard against problematic methods of the standard module. On top of that, a quality check wrapper is called in the lint tox environment. This wrapper calls pylint and ensures that standard os module is no used directly in the certbot codebase. Finally local oldest requirements are updated to ensure that tests will take the new logic when running. * Add executable permissions * Add the delegate certbot.compat.os module, add check coding style to enforce usage of certbot.compat.os instead of standard os * Load certbot.compat.os instead of os * Move existing compat test * Update local oldest requirements * Import sys * Update account_test.py * Update os.py * Update os.py * Update local oldest requirements * Implement the new linter_plugin * Fix local oldest for nginx * Remove check coding style * Update linter_plugin.py * Add several comments * Update the setup.py * Add documentation * Update acme dependencies * Update certbot/compat/os.py * Update docs/contributing.rst * Update linter_plugin.py * Handle os.path. Simplify checker. * Add a comment to a reference implementation * Update changelog * Fix module registering * Update docs/contributing.rst * Update config and changelog
2019-04-12 16:32:52 -04:00
from certbot.compat import os
Make the contents of the nginx plugin private (#7589) Part of #5775. * Create _internal folder certbot-nginx * Move configurator.py to _internal * Move constants.py to _internal * Move display_ops.py to _internal * Move http_01.py to _internal * Move nginxparser.py to _internal * Move obj.py to _internal * Move parser_obj.py to _internal * Move parser.py to _internal * Update location and references for tls_configs * exclude parser_obj from coverage
2019-11-25 17:30:24 -05:00
from certbot_nginx._internal import nginxparser
from certbot_nginx._internal import obj
from certbot_nginx._internal import parser
Refactor tests out of packaged module for nginx plugin (#7606) * Refactor tests out of packaged module for nginx plugin * Exclude pycache and .py[cod]
2019-11-26 20:45:18 -05:00
import test_util as util
Add test for recursive file parsing
2015-04-07 17:57:37 -04:00
fixes #7553 (#7560)
2019-11-14 17:26:01 -05:00
class NginxParserTest(util.NginxTest):
Add test for recursive file parsing
2015-04-07 17:57:37 -04:00
"""Nginx Parser Test."""
def tearDown(self):
shutil.rmtree(self.temp_dir)
shutil.rmtree(self.config_dir)
shutil.rmtree(self.work_dir)
def test_root_normalized(self):
Remove a bit of nginx code dedup from apache
2015-05-04 11:33:53 -04:00
path = os.path.join(self.temp_dir, "etc_nginx/////"
"ubuntu_nginx/../../etc_nginx")
Switch to using include directive for Nginx constants (#4557) * Switch to using include directive for Nginx constants * remove deprecated comment * give better error message when attempting to insert an existing directive * make code more readable * add docstrings * allow a duplicated directive if it's identical * comment out precisely repeated directives * add comments
2017-05-02 20:56:56 -04:00
nparser = parser.NginxParser(path)
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
self.assertEqual(nparser.root, self.config_path)
Add test for recursive file parsing
2015-04-07 17:57:37 -04:00
def test_root_absolute(self):
Ensure relpath is executed on paths in the same drive (#7335) On Windows you can have several drives (`C:`, `D:`, ...), that is the roughly (really roughly) equivalent of mount points, since each drive is usually associated to a specific physical partition. So you can have paths like `C:\one\path`, `D:\another\path`. In parallel, `os.path.relpath(path, start='.')` calculates the relative path between the given `path` and a `start` path (current directory if not provided). In recent versions of Python, `os.path.relpath` will fail if `path` and `start` are not on the same drive, because a relative path between two paths like `C:\one\path`, `D:\another\path` is not possible. In saw unit tests failing because of this in two locations. This occurs when the certbot codebase that is tested is on a given drive (like `D:`) while the default temporary directory used by `tempfile` is on another drive (most of the time located in `C:` drive). This PR fixes that.
2019-08-23 15:53:31 -04:00
curr_dir = os.getcwd()
try:
# On Windows current directory may be on a different drive than self.tempdir.
# However a relative path between two different drives is invalid. So we move to
# self.tempdir to ensure that we stay on the same drive.
os.chdir(self.temp_dir)
nparser = parser.NginxParser(os.path.relpath(self.config_path))
self.assertEqual(nparser.root, self.config_path)
finally:
os.chdir(curr_dir)
Add test for recursive file parsing
2015-04-07 17:57:37 -04:00
def test_root_no_trailing_slash(self):
Switch to using include directive for Nginx constants (#4557) * Switch to using include directive for Nginx constants * remove deprecated comment * give better error message when attempting to insert an existing directive * make code more readable * add docstrings * allow a duplicated directive if it's identical * comment out precisely repeated directives * add comments
2017-05-02 20:56:56 -04:00
nparser = parser.NginxParser(self.config_path + os.path.sep)
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
self.assertEqual(nparser.root, self.config_path)
Add test for recursive file parsing
2015-04-07 17:57:37 -04:00
Remove vhosts instance variable For now, rebuild vhosts from parser.parsed on every invocation to ensure that vhosts is up-to-date with parser.parsed.
2015-04-15 17:44:51 -04:00
def test_load(self):
Add test for recursive file parsing
2015-04-07 17:57:37 -04:00
"""Test recursive conf file parsing.
"""
Switch to using include directive for Nginx constants (#4557) * Switch to using include directive for Nginx constants * remove deprecated comment * give better error message when attempting to insert an existing directive * make code more readable * add docstrings * allow a duplicated directive if it's identical * comment out precisely repeated directives * add comments
2017-05-02 20:56:56 -04:00
nparser = parser.NginxParser(self.config_path)
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
nparser.load()
Lint certbot code on Python 3, and update Pylint to the latest version (#7551) Part of #7550 This PR makes appropriate corrections to run pylint on Python 3. Why not keeping the dependencies unchanged and just run pylint on Python 3? Because the old version of pylint breaks horribly on Python 3 because of unsupported version of astroid. Why updating pylint + astroid to the latest version ? Because this version only fixes some internal errors occuring during the lint of Certbot code, and is also ready to run gracefully on Python 3.8. Why upgrading mypy ? Because the old version does not support the new version of astroid required to run pylint correctly. Why not upgrading mypy to its latest version ? Because this latest version includes a new typshed version, that adds a lot of new type definitions, and brings dozens of new errors on the Certbot codebase. I would like to fix that in a future PR. That said so, the work has been to find the correct set of new dependency versions, then configure pylint for sane configuration errors in our situation, disable irrelevant lintings errors, then fixing (or ignoring for good reason) the remaining mypy errors. I also made PyLint and MyPy checks run correctly on Windows. * Start configuration * Reconfigure travis * Suspend a check specific to python 3. Start fixing code. * Repair call_args * Fix return + elif lints * Reconfigure development to run mainly on python3 * Remove incompatible Python 3.4 jobs * Suspend pylint in some assertions * Remove pylint in dev * Take first mypy that supports typed-ast>=1.4.0 to limit the migration path * Various return + else lint errors * Find a set of deps that is working with current mypy version * Update local oldest requirements * Remove all current pylint errors * Rebuild letsencrypt-auto * Update mypy to fix pylint with new astroid version, and fix mypy issues * Explain type: ignore * Reconfigure tox, fix none path * Simplify pinning * Remove useless directive * Remove debugging code * Remove continue * Update requirements * Disable unsubscriptable-object check * Disable one check, enabling two more * Plug certbot dev version for oldest requirements * Remove useless disable directives * Remove useless no-member disable * Remove no-else-* checks. Use elif in symetric branches. * Add back assertion * Add new line * Remove unused pylint disable * Remove other pylint disable
2019-12-10 17:12:50 -05:00
self.assertEqual({nparser.abs_path(x) for x in
Allow nginx parser to handle empty file (#8895) * Allow parsing empty files * add unit test * lint * update parser_test * Update configurator_test * update changelog
2021-06-10 19:21:52 -04:00
['foo.conf', 'nginx.conf', 'server.conf', 'mime.types',
Lint certbot code on Python 3, and update Pylint to the latest version (#7551) Part of #7550 This PR makes appropriate corrections to run pylint on Python 3. Why not keeping the dependencies unchanged and just run pylint on Python 3? Because the old version of pylint breaks horribly on Python 3 because of unsupported version of astroid. Why updating pylint + astroid to the latest version ? Because this version only fixes some internal errors occuring during the lint of Certbot code, and is also ready to run gracefully on Python 3.8. Why upgrading mypy ? Because the old version does not support the new version of astroid required to run pylint correctly. Why not upgrading mypy to its latest version ? Because this latest version includes a new typshed version, that adds a lot of new type definitions, and brings dozens of new errors on the Certbot codebase. I would like to fix that in a future PR. That said so, the work has been to find the correct set of new dependency versions, then configure pylint for sane configuration errors in our situation, disable irrelevant lintings errors, then fixing (or ignoring for good reason) the remaining mypy errors. I also made PyLint and MyPy checks run correctly on Windows. * Start configuration * Reconfigure travis * Suspend a check specific to python 3. Start fixing code. * Repair call_args * Fix return + elif lints * Reconfigure development to run mainly on python3 * Remove incompatible Python 3.4 jobs * Suspend pylint in some assertions * Remove pylint in dev * Take first mypy that supports typed-ast>=1.4.0 to limit the migration path * Various return + else lint errors * Find a set of deps that is working with current mypy version * Update local oldest requirements * Remove all current pylint errors * Rebuild letsencrypt-auto * Update mypy to fix pylint with new astroid version, and fix mypy issues * Explain type: ignore * Reconfigure tox, fix none path * Simplify pinning * Remove useless directive * Remove debugging code * Remove continue * Update requirements * Disable unsubscriptable-object check * Disable one check, enabling two more * Plug certbot dev version for oldest requirements * Remove useless disable directives * Remove useless no-member disable * Remove no-else-* checks. Use elif in symetric branches. * Add back assertion * Add new line * Remove unused pylint disable * Remove other pylint disable
2019-12-10 17:12:50 -05:00
'sites-enabled/default',
nginx: authenticate all matching vhosts for HTTP01 (#8663) * nginx: authenticate all matching vhosts for HTTP01 Previously, the nginx authenticator would set up the HTTP-01 challenge response on a single HTTP vhost which matched the challenge domain. The nginx authenticator will now set the challenge response on every vhost which matches the challenge domain, including duplicates and HTTPS vhosts. This makes the authenticator usable behind a CDN where all origin traffic is performed over HTTPS and also makes the authenticator work more reliably against "invalid" nginx configurations, such as those where there are duplicate vhosts. * some typos * dont authenticate the same vhost twice One vhost may appear in both the HTTP and HTTPS vhost lists. Use a set() to avoid trying to mod the same vhost twice. * fix type annotations * rewrite changelog entry
2021-02-26 16:43:22 -05:00
'sites-enabled/both.com',
Lint certbot code on Python 3, and update Pylint to the latest version (#7551) Part of #7550 This PR makes appropriate corrections to run pylint on Python 3. Why not keeping the dependencies unchanged and just run pylint on Python 3? Because the old version of pylint breaks horribly on Python 3 because of unsupported version of astroid. Why updating pylint + astroid to the latest version ? Because this version only fixes some internal errors occuring during the lint of Certbot code, and is also ready to run gracefully on Python 3.8. Why upgrading mypy ? Because the old version does not support the new version of astroid required to run pylint correctly. Why not upgrading mypy to its latest version ? Because this latest version includes a new typshed version, that adds a lot of new type definitions, and brings dozens of new errors on the Certbot codebase. I would like to fix that in a future PR. That said so, the work has been to find the correct set of new dependency versions, then configure pylint for sane configuration errors in our situation, disable irrelevant lintings errors, then fixing (or ignoring for good reason) the remaining mypy errors. I also made PyLint and MyPy checks run correctly on Windows. * Start configuration * Reconfigure travis * Suspend a check specific to python 3. Start fixing code. * Repair call_args * Fix return + elif lints * Reconfigure development to run mainly on python3 * Remove incompatible Python 3.4 jobs * Suspend pylint in some assertions * Remove pylint in dev * Take first mypy that supports typed-ast>=1.4.0 to limit the migration path * Various return + else lint errors * Find a set of deps that is working with current mypy version * Update local oldest requirements * Remove all current pylint errors * Rebuild letsencrypt-auto * Update mypy to fix pylint with new astroid version, and fix mypy issues * Explain type: ignore * Reconfigure tox, fix none path * Simplify pinning * Remove useless directive * Remove debugging code * Remove continue * Update requirements * Disable unsubscriptable-object check * Disable one check, enabling two more * Plug certbot dev version for oldest requirements * Remove useless disable directives * Remove useless no-member disable * Remove no-else-* checks. Use elif in symetric branches. * Add back assertion * Add new line * Remove unused pylint disable * Remove other pylint disable
2019-12-10 17:12:50 -05:00
'sites-enabled/example.com',
'sites-enabled/headers.com',
'sites-enabled/migration.com',
'sites-enabled/sslon.com',
'sites-enabled/globalssl.com',
'sites-enabled/ipv6.com',
Fixing existing tests
2020-02-06 15:24:25 -05:00
'sites-enabled/ipv6ssl.com',
'sites-enabled/example.net']},
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
set(nparser.parsed.keys()))
Fix nginx parser (#4296) * rewrite nginx parser to allow everything that nginx does * also make changes in tls_sni_01.py * add test case with * allow embedded variables * allow empty ${} variable * fix quotes * un-special case if * update all tests to reflect current parsing * escape in QuotedString after merge * add test cases for variable weirdness that are almost certainly nginx bugs * update regex for correct variable rules * close paren doesn't invoke last_space * Make test file valid Nginx syntax
2017-03-24 22:45:53 -04:00
self.assertEqual([['server_name', 'somename', 'alias', 'another.alias']],
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
nparser.parsed[nparser.abs_path('server.conf')])
Add get_all_certs_keys method to parser
2015-04-14 19:24:10 -04:00
self.assertEqual([[['server'], [['listen', '69.50.225.155:9000'],
['listen', '127.0.0.1'],
Fix and add test for get_vhosts
2015-04-10 21:17:17 -04:00
['server_name', '.example.com'],
['server_name', 'example.*']]]],
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
nparser.parsed[nparser.abs_path(
Add test for recursive file parsing
2015-04-07 17:57:37 -04:00
'sites-enabled/example.com')])
Add method and test for dumping nginx configs
2015-04-07 19:22:34 -04:00
def test_abs_path(self):
Switch to using include directive for Nginx constants (#4557) * Switch to using include directive for Nginx constants * remove deprecated comment * give better error message when attempting to insert an existing directive * make code more readable * add docstrings * allow a duplicated directive if it's identical * comment out precisely repeated directives * add comments
2017-05-02 20:56:56 -04:00
nparser = parser.NginxParser(self.config_path)
[Windows] Working unit tests for certbot-nginx (#6782) This PR fixes certbot-nginx and relevant tests to make them succeed on Windows. Next step will be to enable integration tests through certbot-ci in a future PR. * Fix tests and incompabilities in certbot-nginx for Windows * Fix lint, fix oldest local dependencies
2019-02-20 19:20:16 -05:00
if os.name != 'nt':
self.assertEqual('/etc/nginx/*', nparser.abs_path('/etc/nginx/*'))
self.assertEqual(os.path.join(self.config_path, 'foo/bar'),
nparser.abs_path('foo/bar'))
else:
self.assertEqual('C:\\etc\\nginx\\*', nparser.abs_path('C:\\etc\\nginx\\*'))
self.assertEqual(os.path.join(self.config_path, 'foo\\bar'),
nparser.abs_path('foo\\bar'))
Add method and test for dumping nginx configs
2015-04-07 19:22:34 -04:00
def test_filedump(self):
Switch to using include directive for Nginx constants (#4557) * Switch to using include directive for Nginx constants * remove deprecated comment * give better error message when attempting to insert an existing directive * make code more readable * add docstrings * allow a duplicated directive if it's identical * comment out precisely repeated directives * add comments
2017-05-02 20:56:56 -04:00
nparser = parser.NginxParser(self.config_path)
Only write nginx config files if we've modified them
2016-06-24 20:14:14 -04:00
nparser.filedump('test', lazy=False)
Add method and test for dumping nginx configs
2015-04-07 19:22:34 -04:00
# pylint: disable=protected-access
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
parsed = nparser._parse_files(nparser.abs_path(
Add method and test for dumping nginx configs
2015-04-07 19:22:34 -04:00
'sites-enabled/example.com.test'))
Allow nginx parser to handle empty file (#8895) * Allow parsing empty files * add unit test * lint * update parser_test * Update configurator_test * update changelog
2021-06-10 19:21:52 -04:00
self.assertEqual(4, len(glob.glob(nparser.abs_path('*.test'))))
nginx: authenticate all matching vhosts for HTTP01 (#8663) * nginx: authenticate all matching vhosts for HTTP01 Previously, the nginx authenticator would set up the HTTP-01 challenge response on a single HTTP vhost which matched the challenge domain. The nginx authenticator will now set the challenge response on every vhost which matches the challenge domain, including duplicates and HTTPS vhosts. This makes the authenticator usable behind a CDN where all origin traffic is performed over HTTPS and also makes the authenticator work more reliably against "invalid" nginx configurations, such as those where there are duplicate vhosts. * some typos * dont authenticate the same vhost twice One vhost may appear in both the HTTP and HTTPS vhost lists. Use a set() to avoid trying to mod the same vhost twice. * fix type annotations * rewrite changelog entry
2021-02-26 16:43:22 -05:00
self.assertEqual(10, len(
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
glob.glob(nparser.abs_path('sites-enabled/*.test'))))
Add get_all_certs_keys method to parser
2015-04-14 19:24:10 -04:00
self.assertEqual([[['server'], [['listen', '69.50.225.155:9000'],
['listen', '127.0.0.1'],
Fix and add test for get_vhosts
2015-04-10 21:17:17 -04:00
['server_name', '.example.com'],
['server_name', 'example.*']]]],
Add method and test for dumping nginx configs
2015-04-07 19:22:34 -04:00
parsed[0])
Restructure how Nginx parser re-finds vhosts, and disable creating new server blocks. (#3528) * Restructure add_server_directives to take a vhost as argument. This is the first step towards fixing vhost selection in nginx. * Save path to vhost in file while parsing in get_vhosts(). * Disable creating a new server block when no names match. * Make parser select vhost based on information in the vhost it found previously, rather than searching again for a match. * Make add_server_directives update the passed vhost * Update boulder config to pass test * Add testing code for the _do_for_subarray function * documentation and formatting updates
2016-09-26 16:13:29 -04:00
def test__do_for_subarray(self):
# pylint: disable=protected-access
mylists = [([[2], [3], [2]], [[0], [2]]),
([[2], [3], [4]], [[0]]),
([[4], [3], [2]], [[2]]),
([], []),
(2, []),
([[[2], [3], [2]], [[2], [3], [2]]],
[[0, 0], [0, 2], [1, 0], [1, 2]]),
([[[0], [3], [2]], [[2], [3], [2]]], [[0, 2], [1, 0], [1, 2]]),
([[[0], [3], [4]], [[2], [3], [2]]], [[1, 0], [1, 2]]),
([[[0], [3], [4]], [[5], [3], [2]]], [[1, 2]]),
([[[0], [3], [4]], [[5], [3], [0]]], [])]
for mylist, result in mylists:
Convert Python 2 type hints to Python 3 types annotations (#8640) Fixes #8427 This PR converts the Python 2 types hints into Python 3 types annotations. I have used the project https://github.com/ilevkivskyi/com2ann which has been designed for that specific purpose and did that very well. The only remaining things to do were to fix broken type hints that became wrong code after migration, and to fix lines too long with the new syntax. * Raw execution of com2ann * Fixing broken type annotations * Cleanup imports
2021-03-10 14:51:27 -05:00
paths: List[List[int]] = []
Restructure how Nginx parser re-finds vhosts, and disable creating new server blocks. (#3528) * Restructure add_server_directives to take a vhost as argument. This is the first step towards fixing vhost selection in nginx. * Save path to vhost in file while parsing in get_vhosts(). * Disable creating a new server block when no names match. * Make parser select vhost based on information in the vhost it found previously, rather than searching again for a match. * Make add_server_directives update the passed vhost * Update boulder config to pass test * Add testing code for the _do_for_subarray function * documentation and formatting updates
2016-09-26 16:13:29 -04:00
parser._do_for_subarray(mylist,
lambda x: isinstance(x, list) and
len(x) >= 1 and
x[0] == 2,
lambda x, y, pts=paths: pts.append(y))
self.assertEqual(paths, result)
Mark Nginx vhosts as ssl when any vhost is on ssl at that address (#3856) * Move parse_server to be a method of NginxParser * add super equal method to more correctly check addr equality in nginx should we support ipv6 in nginx in the future * add addr:normalized_tuple method * mark addresses listening sslishly due to another server block listening sslishly on that address * test turning on ssl globally * add docstring * lint and remove extra file
2016-12-05 22:17:04 -05:00
def test_get_vhosts_global_ssl(self):
Switch to using include directive for Nginx constants (#4557) * Switch to using include directive for Nginx constants * remove deprecated comment * give better error message when attempting to insert an existing directive * make code more readable * add docstrings * allow a duplicated directive if it's identical * comment out precisely repeated directives * add comments
2017-05-02 20:56:56 -04:00
nparser = parser.NginxParser(self.config_path)
Mark Nginx vhosts as ssl when any vhost is on ssl at that address (#3856) * Move parse_server to be a method of NginxParser * add super equal method to more correctly check addr equality in nginx should we support ipv6 in nginx in the future * add addr:normalized_tuple method * mark addresses listening sslishly due to another server block listening sslishly on that address * test turning on ssl globally * add docstring * lint and remove extra file
2016-12-05 22:17:04 -05:00
vhosts = nparser.get_vhosts()
vhost = obj.VirtualHost(nparser.abs_path('sites-enabled/globalssl.com'),
Revert "Nginx reversion (#5299)" (#5305) This reverts commit c9949411cdc5a058d8114a430d98b45c80384650.
2017-12-06 20:45:20 -05:00
[obj.Addr('4.8.2.6', '57', True, False,
False, False)],
Minor bugfixes (#7891) * Fix dangerous default argument * Remove unused imports * Remove unnecessary comprehension * Use literal syntax to create data structure * Use literal syntax instead of function calls to create data structure Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
2020-04-13 13:41:39 -04:00
True, True, {'globalssl.com'}, [], [0])
Mark Nginx vhosts as ssl when any vhost is on ssl at that address (#3856) * Move parse_server to be a method of NginxParser * add super equal method to more correctly check addr equality in nginx should we support ipv6 in nginx in the future * add addr:normalized_tuple method * mark addresses listening sslishly due to another server block listening sslishly on that address * test turning on ssl globally * add docstring * lint and remove extra file
2016-12-05 22:17:04 -05:00
globalssl_com = [x for x in vhosts if 'globalssl.com' in x.filep][0]
self.assertEqual(vhost, globalssl_com)
Restructure how Nginx parser re-finds vhosts, and disable creating new server blocks. (#3528) * Restructure add_server_directives to take a vhost as argument. This is the first step towards fixing vhost selection in nginx. * Save path to vhost in file while parsing in get_vhosts(). * Disable creating a new server block when no names match. * Make parser select vhost based on information in the vhost it found previously, rather than searching again for a match. * Make add_server_directives update the passed vhost * Update boulder config to pass test * Add testing code for the _do_for_subarray function * documentation and formatting updates
2016-09-26 16:13:29 -04:00
Fix and add test for get_vhosts
2015-04-10 21:17:17 -04:00
def test_get_vhosts(self):
Switch to using include directive for Nginx constants (#4557) * Switch to using include directive for Nginx constants * remove deprecated comment * give better error message when attempting to insert an existing directive * make code more readable * add docstrings * allow a duplicated directive if it's identical * comment out precisely repeated directives * add comments
2017-05-02 20:56:56 -04:00
nparser = parser.NginxParser(self.config_path)
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
vhosts = nparser.get_vhosts()
vhost1 = obj.VirtualHost(nparser.abs_path('nginx.conf'),
Revert "Nginx reversion (#5299)" (#5305) This reverts commit c9949411cdc5a058d8114a430d98b45c80384650.
2017-12-06 20:45:20 -05:00
[obj.Addr('', '8080', False, False,
False, False)],
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
False, True,
Minor bugfixes (#7891) * Fix dangerous default argument * Remove unused imports * Remove unnecessary comprehension * Use literal syntax to create data structure * Use literal syntax instead of function calls to create data structure Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
2020-04-13 13:41:39 -04:00
{'localhost',
r'~^(www\.)?(example|bar)\.'},
Allow empty nginx blocks (#4555) * modify test config file to allow valid config that fails to parse in parser.py * make failing tests pass by fixing the problem
2017-04-26 21:44:06 -04:00
[], [10, 1, 9])
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
vhost2 = obj.VirtualHost(nparser.abs_path('nginx.conf'),
Revert "Nginx reversion (#5299)" (#5305) This reverts commit c9949411cdc5a058d8114a430d98b45c80384650.
2017-12-06 20:45:20 -05:00
[obj.Addr('somename', '8080', False, False,
False, False),
obj.Addr('', '8000', False, False,
False, False)],
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
False, True,
Minor bugfixes (#7891) * Fix dangerous default argument * Remove unused imports * Remove unnecessary comprehension * Use literal syntax to create data structure * Use literal syntax instead of function calls to create data structure Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
2020-04-13 13:41:39 -04:00
{'somename', 'another.alias', 'alias'},
Allow empty nginx blocks (#4555) * modify test config file to allow valid config that fails to parse in parser.py * make failing tests pass by fixing the problem
2017-04-26 21:44:06 -04:00
[], [10, 1, 12])
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
vhost3 = obj.VirtualHost(nparser.abs_path('sites-enabled/example.com'),
[obj.Addr('69.50.225.155', '9000',
Revert "Nginx reversion (#5299)" (#5305) This reverts commit c9949411cdc5a058d8114a430d98b45c80384650.
2017-12-06 20:45:20 -05:00
False, False, False, False),
obj.Addr('127.0.0.1', '', False, False,
False, False)],
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
False, True,
Minor bugfixes (#7891) * Fix dangerous default argument * Remove unused imports * Remove unnecessary comprehension * Use literal syntax to create data structure * Use literal syntax instead of function calls to create data structure Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
2020-04-13 13:41:39 -04:00
{'.example.com', 'example.*'}, [], [0])
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
vhost4 = obj.VirtualHost(nparser.abs_path('sites-enabled/default'),
Revert "Nginx reversion (#5299)" (#5305) This reverts commit c9949411cdc5a058d8114a430d98b45c80384650.
2017-12-06 20:45:20 -05:00
[obj.Addr('myhost', '', False, True,
False, False),
obj.Addr('otherhost', '', False, True,
False, False)],
Minor bugfixes (#7891) * Fix dangerous default argument * Remove unused imports * Remove unnecessary comprehension * Use literal syntax to create data structure * Use literal syntax instead of function calls to create data structure Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
2020-04-13 13:41:39 -04:00
False, True, {'www.example.org'},
Restructure how Nginx parser re-finds vhosts, and disable creating new server blocks. (#3528) * Restructure add_server_directives to take a vhost as argument. This is the first step towards fixing vhost selection in nginx. * Save path to vhost in file while parsing in get_vhosts(). * Disable creating a new server block when no names match. * Make parser select vhost based on information in the vhost it found previously, rather than searching again for a match. * Make add_server_directives update the passed vhost * Update boulder config to pass test * Add testing code for the _do_for_subarray function * documentation and formatting updates
2016-09-26 16:13:29 -04:00
[], [0])
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
vhost5 = obj.VirtualHost(nparser.abs_path('foo.conf'),
Revert "Nginx reversion (#5299)" (#5305) This reverts commit c9949411cdc5a058d8114a430d98b45c80384650.
2017-12-06 20:45:20 -05:00
[obj.Addr('*', '80', True, True,
False, False)],
Minor bugfixes (#7891) * Fix dangerous default argument * Remove unused imports * Remove unnecessary comprehension * Use literal syntax to create data structure * Use literal syntax instead of function calls to create data structure Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
2020-04-13 13:41:39 -04:00
True, True, {'*.www.foo.com',
'*.www.example.com'},
Restructure how Nginx parser re-finds vhosts, and disable creating new server blocks. (#3528) * Restructure add_server_directives to take a vhost as argument. This is the first step towards fixing vhost selection in nginx. * Save path to vhost in file while parsing in get_vhosts(). * Disable creating a new server block when no names match. * Make parser select vhost based on information in the vhost it found previously, rather than searching again for a match. * Make add_server_directives update the passed vhost * Update boulder config to pass test * Add testing code for the _do_for_subarray function * documentation and formatting updates
2016-09-26 16:13:29 -04:00
[], [2, 1, 0])
Fix and add test for get_vhosts
2015-04-10 21:17:17 -04:00
nginx: authenticate all matching vhosts for HTTP01 (#8663) * nginx: authenticate all matching vhosts for HTTP01 Previously, the nginx authenticator would set up the HTTP-01 challenge response on a single HTTP vhost which matched the challenge domain. The nginx authenticator will now set the challenge response on every vhost which matches the challenge domain, including duplicates and HTTPS vhosts. This makes the authenticator usable behind a CDN where all origin traffic is performed over HTTPS and also makes the authenticator work more reliably against "invalid" nginx configurations, such as those where there are duplicate vhosts. * some typos * dont authenticate the same vhost twice One vhost may appear in both the HTTP and HTTPS vhost lists. Use a set() to avoid trying to mod the same vhost twice. * fix type annotations * rewrite changelog entry
2021-02-26 16:43:22 -05:00
self.assertEqual(19, len(vhosts))
Fix most pylint errors
2015-04-17 20:05:00 -04:00
example_com = [x for x in vhosts if 'example.com' in x.filep][0]
Fix and add test for get_vhosts
2015-04-10 21:17:17 -04:00
self.assertEqual(vhost3, example_com)
Fix most pylint errors
2015-04-17 20:05:00 -04:00
default = [x for x in vhosts if 'default' in x.filep][0]
Fix and add test for get_vhosts
2015-04-10 21:17:17 -04:00
self.assertEqual(vhost4, default)
Fix most pylint errors
2015-04-17 20:05:00 -04:00
fooconf = [x for x in vhosts if 'foo.conf' in x.filep][0]
self.assertEqual(vhost5, fooconf)
localhost = [x for x in vhosts if 'localhost' in x.names][0]
Use assertEqual instead of deprecated assertEquals
2016-07-19 13:12:47 -04:00
self.assertEqual(vhost1, localhost)
Fix most pylint errors
2015-04-17 20:05:00 -04:00
somename = [x for x in vhosts if 'somename' in x.names][0]
Use assertEqual instead of deprecated assertEquals
2016-07-19 13:12:47 -04:00
self.assertEqual(vhost2, somename)
Fix and add test for get_vhosts
2015-04-10 21:17:17 -04:00
Update Nginx redirect enhancement process to modify appropriate blocks (#3546) * Cache the vhost we find during nginx deployment for OCSP enhancement. * Refactor to pass domain into enhancement functions * Add https redirect to most name-matching block listening non-sslishly. * Redirect enhancement chooses the vhost most closely matching target_name that is listening to port 80 without using ssl. * Add default listen 80 directive when it is implicitly defined
2016-09-29 19:16:07 -04:00
def test_has_ssl_on_directive(self):
Switch to using include directive for Nginx constants (#4557) * Switch to using include directive for Nginx constants * remove deprecated comment * give better error message when attempting to insert an existing directive * make code more readable * add docstrings * allow a duplicated directive if it's identical * comment out precisely repeated directives * add comments
2017-05-02 20:56:56 -04:00
nparser = parser.NginxParser(self.config_path)
Update Nginx redirect enhancement process to modify appropriate blocks (#3546) * Cache the vhost we find during nginx deployment for OCSP enhancement. * Refactor to pass domain into enhancement functions * Add https redirect to most name-matching block listening non-sslishly. * Redirect enhancement chooses the vhost most closely matching target_name that is listening to port 80 without using ssl. * Add default listen 80 directive when it is implicitly defined
2016-09-29 19:16:07 -04:00
mock_vhost = obj.VirtualHost(None, None, None, None, None,
[['listen', 'myhost default_server'],
['server_name', 'www.example.org'],
[['location', '/'], [['root', 'html'], ['index', 'index.html index.htm']]]
], None)
self.assertFalse(nparser.has_ssl_on_directive(mock_vhost))
Fix nginx parser (#4296) * rewrite nginx parser to allow everything that nginx does * also make changes in tls_sni_01.py * add test case with * allow embedded variables * allow empty ${} variable * fix quotes * un-special case if * update all tests to reflect current parsing * escape in QuotedString after merge * add test cases for variable weirdness that are almost certainly nginx bugs * update regex for correct variable rules * close paren doesn't invoke last_space * Make test file valid Nginx syntax
2017-03-24 22:45:53 -04:00
mock_vhost.raw = [['listen', '*:80', 'default_server', 'ssl'],
['server_name', '*.www.foo.com', '*.www.example.com'],
Update Nginx redirect enhancement process to modify appropriate blocks (#3546) * Cache the vhost we find during nginx deployment for OCSP enhancement. * Refactor to pass domain into enhancement functions * Add https redirect to most name-matching block listening non-sslishly. * Redirect enhancement chooses the vhost most closely matching target_name that is listening to port 80 without using ssl. * Add default listen 80 directive when it is implicitly defined
2016-09-29 19:16:07 -04:00
['root', '/home/ubuntu/sites/foo/']]
self.assertFalse(nparser.has_ssl_on_directive(mock_vhost))
mock_vhost.raw = [['listen', '80 ssl'],
Fix nginx parser (#4296) * rewrite nginx parser to allow everything that nginx does * also make changes in tls_sni_01.py * add test case with * allow embedded variables * allow empty ${} variable * fix quotes * un-special case if * update all tests to reflect current parsing * escape in QuotedString after merge * add test cases for variable weirdness that are almost certainly nginx bugs * update regex for correct variable rules * close paren doesn't invoke last_space * Make test file valid Nginx syntax
2017-03-24 22:45:53 -04:00
['server_name', '*.www.foo.com', '*.www.example.com']]
Update Nginx redirect enhancement process to modify appropriate blocks (#3546) * Cache the vhost we find during nginx deployment for OCSP enhancement. * Refactor to pass domain into enhancement functions * Add https redirect to most name-matching block listening non-sslishly. * Redirect enhancement chooses the vhost most closely matching target_name that is listening to port 80 without using ssl. * Add default listen 80 directive when it is implicitly defined
2016-09-29 19:16:07 -04:00
self.assertFalse(nparser.has_ssl_on_directive(mock_vhost))
mock_vhost.raw = [['listen', '80'],
['ssl', 'on'],
Fix nginx parser (#4296) * rewrite nginx parser to allow everything that nginx does * also make changes in tls_sni_01.py * add test case with * allow embedded variables * allow empty ${} variable * fix quotes * un-special case if * update all tests to reflect current parsing * escape in QuotedString after merge * add test cases for variable weirdness that are almost certainly nginx bugs * update regex for correct variable rules * close paren doesn't invoke last_space * Make test file valid Nginx syntax
2017-03-24 22:45:53 -04:00
['server_name', '*.www.foo.com', '*.www.example.com']]
Improve assertions in nginx and DNS plugin tests. (#9157) * Improve assertions in nginx and DNS plugin tests. * Use assertIs for asserting is True/False.
2022-01-04 17:59:58 -05:00
self.assertIs(nparser.has_ssl_on_directive(mock_vhost), True)
feat(nginx plugin): add HSTS enhancement (#5463) * feat(nginx plugin): add HSTS enhancement * chore(nginx): factor out block-splitting code from redirect & hsts enhancements! * chore(nginx): merge fixes * address comments * fix linter: remove a space * fix(config): remove SSL directives in HTTP block after block split, and remove_directive removes 'Managed by certbot' comment * chore(nginx-hsts): Move added SSL directives to a constant on Configurator class * fix(nginx-hsts): rebase on wildcard cert changes
2018-03-16 18:27:39 -04:00
def test_remove_server_directives(self):
nparser = parser.NginxParser(self.config_path)
mock_vhost = obj.VirtualHost(nparser.abs_path('nginx.conf'),
None, None, None,
Minor bugfixes (#7891) * Fix dangerous default argument * Remove unused imports * Remove unnecessary comprehension * Use literal syntax to create data structure * Use literal syntax instead of function calls to create data structure Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
2020-04-13 13:41:39 -04:00
{'localhost',
r'~^(www\.)?(example|bar)\.'},
feat(nginx plugin): add HSTS enhancement (#5463) * feat(nginx plugin): add HSTS enhancement * chore(nginx): factor out block-splitting code from redirect & hsts enhancements! * chore(nginx): merge fixes * address comments * fix linter: remove a space * fix(config): remove SSL directives in HTTP block after block split, and remove_directive removes 'Managed by certbot' comment * chore(nginx-hsts): Move added SSL directives to a constant on Configurator class * fix(nginx-hsts): rebase on wildcard cert changes
2018-03-16 18:27:39 -04:00
None, [10, 1, 9])
example_com = nparser.abs_path('sites-enabled/example.com')
Minor bugfixes (#7891) * Fix dangerous default argument * Remove unused imports * Remove unnecessary comprehension * Use literal syntax to create data structure * Use literal syntax instead of function calls to create data structure Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
2020-04-13 13:41:39 -04:00
names = {'.example.com', 'example.*'}
feat(nginx plugin): add HSTS enhancement (#5463) * feat(nginx plugin): add HSTS enhancement * chore(nginx): factor out block-splitting code from redirect & hsts enhancements! * chore(nginx): merge fixes * address comments * fix linter: remove a space * fix(config): remove SSL directives in HTTP block after block split, and remove_directive removes 'Managed by certbot' comment * chore(nginx-hsts): Move added SSL directives to a constant on Configurator class * fix(nginx-hsts): rebase on wildcard cert changes
2018-03-16 18:27:39 -04:00
mock_vhost.filep = example_com
mock_vhost.names = names
mock_vhost.path = [0]
nparser.add_server_directives(mock_vhost,
[['foo', 'bar'], ['ssl_certificate',
Refactor _add_directive into separate functions (#5786) * Refactor _add_directive to separate functions * UnspacedList isn't idempotent * refactor parser in add_server_directives and update_or_add_server_directives * update parser tests * remove replace=False and add to update_or_add for replace=True in configurator * remove replace=False and add to update_or_add for replace=True in http01 * update documentation
2018-03-23 19:30:13 -04:00
'/etc/ssl/cert2.pem']])
feat(nginx plugin): add HSTS enhancement (#5463) * feat(nginx plugin): add HSTS enhancement * chore(nginx): factor out block-splitting code from redirect & hsts enhancements! * chore(nginx): merge fixes * address comments * fix linter: remove a space * fix(config): remove SSL directives in HTTP block after block split, and remove_directive removes 'Managed by certbot' comment * chore(nginx-hsts): Move added SSL directives to a constant on Configurator class * fix(nginx-hsts): rebase on wildcard cert changes
2018-03-16 18:27:39 -04:00
nparser.remove_server_directives(mock_vhost, 'foo')
nparser.remove_server_directives(mock_vhost, 'ssl_certificate')
self.assertEqual(nparser.parsed[example_com],
[[['server'], [['listen', '69.50.225.155:9000'],
['listen', '127.0.0.1'],
['server_name', '.example.com'],
['server_name', 'example.*'],
[]]]])
Fix and add test for get_vhosts
2015-04-10 21:17:17 -04:00
def test_add_server_directives(self):
Switch to using include directive for Nginx constants (#4557) * Switch to using include directive for Nginx constants * remove deprecated comment * give better error message when attempting to insert an existing directive * make code more readable * add docstrings * allow a duplicated directive if it's identical * comment out precisely repeated directives * add comments
2017-05-02 20:56:56 -04:00
nparser = parser.NginxParser(self.config_path)
Restructure how Nginx parser re-finds vhosts, and disable creating new server blocks. (#3528) * Restructure add_server_directives to take a vhost as argument. This is the first step towards fixing vhost selection in nginx. * Save path to vhost in file while parsing in get_vhosts(). * Disable creating a new server block when no names match. * Make parser select vhost based on information in the vhost it found previously, rather than searching again for a match. * Make add_server_directives update the passed vhost * Update boulder config to pass test * Add testing code for the _do_for_subarray function * documentation and formatting updates
2016-09-26 16:13:29 -04:00
mock_vhost = obj.VirtualHost(nparser.abs_path('nginx.conf'),
None, None, None,
Minor bugfixes (#7891) * Fix dangerous default argument * Remove unused imports * Remove unnecessary comprehension * Use literal syntax to create data structure * Use literal syntax instead of function calls to create data structure Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
2020-04-13 13:41:39 -04:00
{'localhost',
r'~^(www\.)?(example|bar)\.'},
Allow empty nginx blocks (#4555) * modify test config file to allow valid config that fails to parse in parser.py * make failing tests pass by fixing the problem
2017-04-26 21:44:06 -04:00
None, [10, 1, 9])
Restructure how Nginx parser re-finds vhosts, and disable creating new server blocks. (#3528) * Restructure add_server_directives to take a vhost as argument. This is the first step towards fixing vhost selection in nginx. * Save path to vhost in file while parsing in get_vhosts(). * Disable creating a new server block when no names match. * Make parser select vhost based on information in the vhost it found previously, rather than searching again for a match. * Make add_server_directives update the passed vhost * Update boulder config to pass test * Add testing code for the _do_for_subarray function * documentation and formatting updates
2016-09-26 16:13:29 -04:00
nparser.add_server_directives(mock_vhost,
Lint & test fix
2016-06-17 17:39:55 -04:00
[['foo', 'bar'], ['\n ', 'ssl_certificate', ' ',
Refactor _add_directive into separate functions (#5786) * Refactor _add_directive to separate functions * UnspacedList isn't idempotent * refactor parser in add_server_directives and update_or_add_server_directives * update parser tests * remove replace=False and add to update_or_add for replace=True in configurator * remove replace=False and add to update_or_add for replace=True in http01 * update documentation
2018-03-23 19:30:13 -04:00
'/etc/ssl/cert.pem']])
Nginx improvements Add a server_names_hash_bucket_size directive during challenges to fix an nginx crash on restart (Fixes #922). Use fullchain instead of chain (Fixes #610). Implement OCSP stapling (Fixes #937, Fixes #931). Hide Boulder output in integration tests to make them more readable.
2015-10-11 13:20:08 -04:00
ssl_re = re.compile(r'\n\s+ssl_certificate /etc/ssl/cert.pem')
dump = nginxparser.dumps(nparser.parsed[nparser.abs_path('nginx.conf')])
self.assertEqual(1, len(re.findall(ssl_re, dump)))
Go back to hasattr and add a test.
2015-10-11 15:19:39 -04:00
Restructure how Nginx parser re-finds vhosts, and disable creating new server blocks. (#3528) * Restructure add_server_directives to take a vhost as argument. This is the first step towards fixing vhost selection in nginx. * Save path to vhost in file while parsing in get_vhosts(). * Disable creating a new server block when no names match. * Make parser select vhost based on information in the vhost it found previously, rather than searching again for a match. * Make add_server_directives update the passed vhost * Update boulder config to pass test * Add testing code for the _do_for_subarray function * documentation and formatting updates
2016-09-26 16:13:29 -04:00
example_com = nparser.abs_path('sites-enabled/example.com')
Minor bugfixes (#7891) * Fix dangerous default argument * Remove unused imports * Remove unnecessary comprehension * Use literal syntax to create data structure * Use literal syntax instead of function calls to create data structure Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
2020-04-13 13:41:39 -04:00
names = {'.example.com', 'example.*'}
Restructure how Nginx parser re-finds vhosts, and disable creating new server blocks. (#3528) * Restructure add_server_directives to take a vhost as argument. This is the first step towards fixing vhost selection in nginx. * Save path to vhost in file while parsing in get_vhosts(). * Disable creating a new server block when no names match. * Make parser select vhost based on information in the vhost it found previously, rather than searching again for a match. * Make add_server_directives update the passed vhost * Update boulder config to pass test * Add testing code for the _do_for_subarray function * documentation and formatting updates
2016-09-26 16:13:29 -04:00
mock_vhost.filep = example_com
mock_vhost.names = names
mock_vhost.path = [0]
nparser.add_server_directives(mock_vhost,
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
[['foo', 'bar'], ['ssl_certificate',
Refactor _add_directive into separate functions (#5786) * Refactor _add_directive to separate functions * UnspacedList isn't idempotent * refactor parser in add_server_directives and update_or_add_server_directives * update parser tests * remove replace=False and add to update_or_add for replace=True in configurator * remove replace=False and add to update_or_add for replace=True in http01 * update documentation
2018-03-23 19:30:13 -04:00
'/etc/ssl/cert2.pem']])
nparser.add_server_directives(mock_vhost, [['foo', 'bar']])
Make the contents of the nginx plugin private (#7589) Part of #5775. * Create _internal folder certbot-nginx * Move configurator.py to _internal * Move constants.py to _internal * Move display_ops.py to _internal * Move http_01.py to _internal * Move nginxparser.py to _internal * Move obj.py to _internal * Move parser_obj.py to _internal * Move parser.py to _internal * Update location and references for tls_configs * exclude parser_obj from coverage
2019-11-25 17:30:24 -05:00
from certbot_nginx._internal.parser import COMMENT
Restructure how Nginx parser re-finds vhosts, and disable creating new server blocks. (#3528) * Restructure add_server_directives to take a vhost as argument. This is the first step towards fixing vhost selection in nginx. * Save path to vhost in file while parsing in get_vhosts(). * Disable creating a new server block when no names match. * Make parser select vhost based on information in the vhost it found previously, rather than searching again for a match. * Make add_server_directives update the passed vhost * Update boulder config to pass test * Add testing code for the _do_for_subarray function * documentation and formatting updates
2016-09-26 16:13:29 -04:00
self.assertEqual(nparser.parsed[example_com],
[[['server'], [['listen', '69.50.225.155:9000'],
['listen', '127.0.0.1'],
['server_name', '.example.com'],
['server_name', 'example.*'],
['foo', 'bar'],
['#', COMMENT],
['ssl_certificate', '/etc/ssl/cert2.pem'],
['#', COMMENT], [], []
]]])
server_conf = nparser.abs_path('server.conf')
Minor bugfixes (#7891) * Fix dangerous default argument * Remove unused imports * Remove unnecessary comprehension * Use literal syntax to create data structure * Use literal syntax instead of function calls to create data structure Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
2020-04-13 13:41:39 -04:00
names = {'alias', 'another.alias', 'somename'}
Restructure how Nginx parser re-finds vhosts, and disable creating new server blocks. (#3528) * Restructure add_server_directives to take a vhost as argument. This is the first step towards fixing vhost selection in nginx. * Save path to vhost in file while parsing in get_vhosts(). * Disable creating a new server block when no names match. * Make parser select vhost based on information in the vhost it found previously, rather than searching again for a match. * Make add_server_directives update the passed vhost * Update boulder config to pass test * Add testing code for the _do_for_subarray function * documentation and formatting updates
2016-09-26 16:13:29 -04:00
mock_vhost.filep = server_conf
mock_vhost.names = names
mock_vhost.path = []
self.assertRaises(errors.MisconfigurationError,
nparser.add_server_directives,
mock_vhost,
[['foo', 'bar'],
Refactor _add_directive into separate functions (#5786) * Refactor _add_directive to separate functions * UnspacedList isn't idempotent * refactor parser in add_server_directives and update_or_add_server_directives * update parser tests * remove replace=False and add to update_or_add for replace=True in configurator * remove replace=False and add to update_or_add for replace=True in http01 * update documentation
2018-03-23 19:30:13 -04:00
['ssl_certificate', '/etc/ssl/cert2.pem']])
Go back to hasattr and add a test.
2015-10-11 15:19:39 -04:00
Allow Nginx to insert include files with comments inside (#4666) * add failing test case * allow include files to insert comments * lint
2017-05-15 18:30:50 -04:00
def test_comment_is_repeatable(self):
nparser = parser.NginxParser(self.config_path)
example_com = nparser.abs_path('sites-enabled/example.com')
mock_vhost = obj.VirtualHost(example_com,
None, None, None,
Minor bugfixes (#7891) * Fix dangerous default argument * Remove unused imports * Remove unnecessary comprehension * Use literal syntax to create data structure * Use literal syntax instead of function calls to create data structure Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
2020-04-13 13:41:39 -04:00
{'.example.com', 'example.*'},
Allow Nginx to insert include files with comments inside (#4666) * add failing test case * allow include files to insert comments * lint
2017-05-15 18:30:50 -04:00
None, [0])
nparser.add_server_directives(mock_vhost,
Refactor _add_directive into separate functions (#5786) * Refactor _add_directive to separate functions * UnspacedList isn't idempotent * refactor parser in add_server_directives and update_or_add_server_directives * update parser tests * remove replace=False and add to update_or_add for replace=True in configurator * remove replace=False and add to update_or_add for replace=True in http01 * update documentation
2018-03-23 19:30:13 -04:00
[['\n ', '#', ' ', 'what a nice comment']])
Allow Nginx to insert include files with comments inside (#4666) * add failing test case * allow include files to insert comments * lint
2017-05-15 18:30:50 -04:00
nparser.add_server_directives(mock_vhost,
[['\n ', 'include', ' ',
Refactor _add_directive into separate functions (#5786) * Refactor _add_directive to separate functions * UnspacedList isn't idempotent * refactor parser in add_server_directives and update_or_add_server_directives * update parser tests * remove replace=False and add to update_or_add for replace=True in configurator * remove replace=False and add to update_or_add for replace=True in http01 * update documentation
2018-03-23 19:30:13 -04:00
nparser.abs_path('comment_in_file.conf')]])
Make the contents of the nginx plugin private (#7589) Part of #5775. * Create _internal folder certbot-nginx * Move configurator.py to _internal * Move constants.py to _internal * Move display_ops.py to _internal * Move http_01.py to _internal * Move nginxparser.py to _internal * Move obj.py to _internal * Move parser_obj.py to _internal * Move parser.py to _internal * Update location and references for tls_configs * exclude parser_obj from coverage
2019-11-25 17:30:24 -05:00
from certbot_nginx._internal.parser import COMMENT
Allow Nginx to insert include files with comments inside (#4666) * add failing test case * allow include files to insert comments * lint
2017-05-15 18:30:50 -04:00
self.assertEqual(nparser.parsed[example_com],
[[['server'], [['listen', '69.50.225.155:9000'],
['listen', '127.0.0.1'],
['server_name', '.example.com'],
['server_name', 'example.*'],
['#', ' ', 'what a nice comment'],
[],
['include', nparser.abs_path('comment_in_file.conf')],
['#', COMMENT],
[]]]]
)
Add test for nginx name matching
2015-04-14 01:57:06 -04:00
def test_replace_server_directives(self):
Switch to using include directive for Nginx constants (#4557) * Switch to using include directive for Nginx constants * remove deprecated comment * give better error message when attempting to insert an existing directive * make code more readable * add docstrings * allow a duplicated directive if it's identical * comment out precisely repeated directives * add comments
2017-05-02 20:56:56 -04:00
nparser = parser.NginxParser(self.config_path)
Minor bugfixes (#7891) * Fix dangerous default argument * Remove unused imports * Remove unnecessary comprehension * Use literal syntax to create data structure * Use literal syntax instead of function calls to create data structure Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
2020-04-13 13:41:39 -04:00
target = {'.example.com', 'example.*'}
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
filep = nparser.abs_path('sites-enabled/example.com')
Restructure how Nginx parser re-finds vhosts, and disable creating new server blocks. (#3528) * Restructure add_server_directives to take a vhost as argument. This is the first step towards fixing vhost selection in nginx. * Save path to vhost in file while parsing in get_vhosts(). * Disable creating a new server block when no names match. * Make parser select vhost based on information in the vhost it found previously, rather than searching again for a match. * Make add_server_directives update the passed vhost * Update boulder config to pass test * Add testing code for the _do_for_subarray function * documentation and formatting updates
2016-09-26 16:13:29 -04:00
mock_vhost = obj.VirtualHost(filep, None, None, None, target, None, [0])
Refactor _add_directive into separate functions (#5786) * Refactor _add_directive to separate functions * UnspacedList isn't idempotent * refactor parser in add_server_directives and update_or_add_server_directives * update parser tests * remove replace=False and add to update_or_add for replace=True in configurator * remove replace=False and add to update_or_add for replace=True in http01 * update documentation
2018-03-23 19:30:13 -04:00
nparser.update_or_add_server_directives(
mock_vhost, [['server_name', 'foobar.com']])
Make the contents of the nginx plugin private (#7589) Part of #5775. * Create _internal folder certbot-nginx * Move configurator.py to _internal * Move constants.py to _internal * Move display_ops.py to _internal * Move http_01.py to _internal * Move nginxparser.py to _internal * Move obj.py to _internal * Move parser_obj.py to _internal * Move parser.py to _internal * Update location and references for tls_configs * exclude parser_obj from coverage
2019-11-25 17:30:24 -05:00
from certbot_nginx._internal.parser import COMMENT
Add test for nginx name matching
2015-04-14 01:57:06 -04:00
self.assertEqual(
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
nparser.parsed[filep],
Add get_all_certs_keys method to parser
2015-04-14 19:24:10 -04:00
[[['server'], [['listen', '69.50.225.155:9000'],
['listen', '127.0.0.1'],
Don't hardcode comment added by Certbot
2016-08-16 21:50:18 -04:00
['server_name', 'foobar.com'], ['#', COMMENT],
Fix tests for our new spacey, commented world
2016-08-05 18:37:01 -04:00
['server_name', 'example.*'], []
Better Nginx error handling. Raise MisconfigurationError on restart failure, so we don't attempt to continue with an authorization we know will fail. Log at debug level the config files that are about to be written out, so it's easier to debug restart failures. Fix https://github.com/letsencrypt/letsencrypt/issues/942: Error out if adding a conflicting directive. Remove unnecessarily-inserted access_log and error_log directives. These were added to make integration testing easier but are no longer needed. Incidentally this makes the plugin work with some configs where it wouldn't have worked previously. Change the semantics of add_server_directives with replace=True so only the first instance of a given directive is replaced, not all of them. This works fine with the one place in the code that calls add_server_directives with replace=True, because all of the involved directives aren't allowed to be duplicated in a given block. Make add_http_directives do inserts into the structure itself, since its needs were significantly different than the more general add_server_directives. This also allows us to narrow the scope of the `block.insert(0, directive)` hack that we inserted to work around https://trac.nginx.org/nginx/ticket/810, since it's only necessary for http blocks.
2016-01-01 19:35:57 -05:00
]]])
Minor bugfixes (#7891) * Fix dangerous default argument * Remove unused imports * Remove unnecessary comprehension * Use literal syntax to create data structure * Use literal syntax instead of function calls to create data structure Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
2020-04-13 13:41:39 -04:00
mock_vhost.names = {'foobar.com', 'example.*'}
Refactor _add_directive into separate functions (#5786) * Refactor _add_directive to separate functions * UnspacedList isn't idempotent * refactor parser in add_server_directives and update_or_add_server_directives * update parser tests * remove replace=False and add to update_or_add for replace=True in configurator * remove replace=False and add to update_or_add for replace=True in http01 * update documentation
2018-03-23 19:30:13 -04:00
nparser.update_or_add_server_directives(
mock_vhost, [['ssl_certificate', 'cert.pem']])
Change add_server_directives replace=True behavior to attempt to replace, but append on failure to find. (#4956) * Change add_server_directives replace=True behavior to attempt to replace, but append on failure to find. * Remove try/except around add_server_directives
2017-07-26 16:57:25 -04:00
self.assertEqual(
nparser.parsed[filep],
[[['server'], [['listen', '69.50.225.155:9000'],
['listen', '127.0.0.1'],
['server_name', 'foobar.com'], ['#', COMMENT],
['server_name', 'example.*'], [],
['ssl_certificate', 'cert.pem'], ['#', COMMENT], [],
]]])
Fix and add test for get_vhosts
2015-04-10 21:17:17 -04:00
def test_get_best_match(self):
Add test for nginx name matching
2015-04-14 01:57:06 -04:00
target_name = 'www.eff.org'
Minor bugfixes (#7891) * Fix dangerous default argument * Remove unused imports * Remove unnecessary comprehension * Use literal syntax to create data structure * Use literal syntax instead of function calls to create data structure Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
2020-04-13 13:41:39 -04:00
names = [{'www.eff.org', 'irrelevant.long.name.eff.org', '*.org'},
{'eff.org', 'ww2.eff.org', 'test.www.eff.org'},
{'*.eff.org', '.www.eff.org'},
{'.eff.org', '*.org'},
{'www.eff.', 'www.eff.*', '*.www.eff.org'},
{'example.com', r'~^(www\.)?(eff.+)', '*.eff.*'},
{'*', r'~^(www\.)?(eff.+)'},
{'www.*', r'~^(www\.)?(eff.+)', '.test.eff.org'},
{'*.org', r'*.eff.org', 'www.eff.*'},
{'*.www.eff.org', 'www.*'},
{'*.org'},
set(),
nginx: fix server_name case-sensitivity in parser (#8263) This commit fixes an issue with the nginx parser where it would perform case-sensitive matching against server_name. This would cause the authenticator and installer to ignore existing virtualhosts containing uppercase characters, resulting in duplicate virtualhosts and broken configurations. "Exact" and "wildcard" matching is now case-insensitive. Regex-based matching will continue to respect the case mode of the pattern. Fixes #6776.
2020-09-08 17:14:54 -04:00
{'example.com'},
{'www.Eff.org'},
{'.efF.org'}]
Add test for nginx name matching
2015-04-14 01:57:06 -04:00
winners = [('exact', 'www.eff.org'),
(None, None),
('exact', '.www.eff.org'),
('wildcard_start', '.eff.org'),
('wildcard_end', 'www.eff.*'),
Fix most pylint errors
2015-04-17 20:05:00 -04:00
('regex', r'~^(www\.)?(eff.+)'),
Add test for nginx name matching
2015-04-14 01:57:06 -04:00
('wildcard_start', '*'),
('wildcard_end', 'www.*'),
('wildcard_start', '*.eff.org'),
('wildcard_end', 'www.*'),
('wildcard_start', '*.org'),
(None, None),
nginx: fix server_name case-sensitivity in parser (#8263) This commit fixes an issue with the nginx parser where it would perform case-sensitive matching against server_name. This would cause the authenticator and installer to ignore existing virtualhosts containing uppercase characters, resulting in duplicate virtualhosts and broken configurations. "Exact" and "wildcard" matching is now case-insensitive. Regex-based matching will continue to respect the case mode of the pattern. Fixes #6776.
2020-09-08 17:14:54 -04:00
(None, None),
('exact', 'www.Eff.org'),
('wildcard_start', '.efF.org')]
Add test for nginx name matching
2015-04-14 01:57:06 -04:00
for i, winner in enumerate(winners):
Address @kuba's review comments
2015-04-18 13:20:19 -04:00
self.assertEqual(winner,
parser.get_best_match(target_name, names[i]))
Add test for recursive file parsing
2015-04-07 17:57:37 -04:00
Lint, improve coverage, rm unused code
2016-08-08 18:45:49 -04:00
def test_comment_directive(self):
# pylint: disable=protected-access
block = nginxparser.UnspacedList([
["\n", "a", " ", "b", "\n"],
["c", " ", "d"],
["\n", "e", " ", "f"]])
Make the contents of the nginx plugin private (#7589) Part of #5775. * Create _internal folder certbot-nginx * Move configurator.py to _internal * Move constants.py to _internal * Move display_ops.py to _internal * Move http_01.py to _internal * Move nginxparser.py to _internal * Move obj.py to _internal * Move parser_obj.py to _internal * Move parser.py to _internal * Update location and references for tls_configs * exclude parser_obj from coverage
2019-11-25 17:30:24 -05:00
from certbot_nginx._internal.parser import comment_directive, COMMENT_BLOCK
Create a new server block when making server block ssl (#5220) * create_new_vhost_from_default --> duplicate_vhost * add source_path property * set source path for duplicated vhost * change around logic of where making ssl happens * don't add listen 80 to newly created ssl block * cache vhosts list * remove source path * add redirect block if we created a new server block * Remove listen directives when making server block ssl * Reset vhost cache on parser load * flip connected pointer direction for finding newly made server block to match previous redirect search constraints * also test for new redirect block styles * fix contains_list and test redirect blocks * update lint, parser, and obj tests * reset new vhost (fixing previous bug) and move removing default from addrs under if statement * reuse and update newly created ssl server block when appropriate, and update unit tests * append newly created server blocks to file instead of inserting directly after, so we don't have to update other vhosts' paths * add coverage for NO_IF_REDIRECT_COMMENT_BLOCK * add coverage for parser load calls * replace some double quotes with single quotes * replace backslash continuations with parentheses * update docstrings * switch to only creating a new block on redirect enhancement, including removing the get_vhosts cache * update configurator tests * update obj test * switch delete_default default for duplicate_vhost
2017-12-07 12:48:54 -05:00
comment_directive(block, 1)
comment_directive(block, 0)
Lint, improve coverage, rm unused code
2016-08-08 18:45:49 -04:00
self.assertEqual(block.spaced, [
["\n", "a", " ", "b", "\n"],
Fix up COMMENT constants
2016-08-16 20:45:43 -04:00
COMMENT_BLOCK,
Lint, improve coverage, rm unused code
2016-08-08 18:45:49 -04:00
"\n",
["c", " ", "d"],
Fix up COMMENT constants
2016-08-16 20:45:43 -04:00
COMMENT_BLOCK,
Lint, improve coverage, rm unused code
2016-08-08 18:45:49 -04:00
["\n", "e", " ", "f"]])
Add a test for #4557 (#4609)
2017-05-02 21:37:54 -04:00
def test_comment_out_directive(self):
server_block = nginxparser.loads("""
server {
listen 80;
root /var/www/html;
index star.html;
server_name *.functorkitten.xyz;
ssl_session_timeout 1440m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
}""")
block = server_block[0][1]
Make the contents of the nginx plugin private (#7589) Part of #5775. * Create _internal folder certbot-nginx * Move configurator.py to _internal * Move constants.py to _internal * Move display_ops.py to _internal * Move http_01.py to _internal * Move nginxparser.py to _internal * Move obj.py to _internal * Move parser_obj.py to _internal * Move parser.py to _internal * Update location and references for tls_configs * exclude parser_obj from coverage
2019-11-25 17:30:24 -05:00
from certbot_nginx._internal.parser import _comment_out_directive
Add a test for #4557 (#4609)
2017-05-02 21:37:54 -04:00
_comment_out_directive(block, 4, "blah1")
_comment_out_directive(block, 5, "blah2")
_comment_out_directive(block, 6, "blah3")
self.assertEqual(block.spaced, [
['\n ', 'listen', ' ', '80'],
['\n ', 'root', ' ', '/var/www/html'],
['\n ', 'index', ' ', 'star.html'],
['\n\n ', 'server_name', ' ', '*.functorkitten.xyz'],
['\n ', '#', ' ssl_session_timeout 1440m; # duplicated in blah1'],
[' ', '#', ' ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # duplicated in blah2'],
['\n\n ', '#', ' ssl_prefer_server_ciphers on; # duplicated in blah3'],
'\n '])
Mark Nginx vhosts as ssl when any vhost is on ssl at that address (#3856) * Move parse_server to be a method of NginxParser * add super equal method to more correctly check addr equality in nginx should we support ipv6 in nginx in the future * add addr:normalized_tuple method * mark addresses listening sslishly due to another server block listening sslishly on that address * test turning on ssl globally * add docstring * lint and remove extra file
2016-12-05 22:17:04 -05:00
def test_parse_server_raw_ssl(self):
server = parser._parse_server_raw([ #pylint: disable=protected-access
Don't mix tabs & spaces in Python. It's a bit silly, and might cause someone a lot of grief to debug.
2016-02-20 04:38:45 -05:00
['listen', '443']
])
Makes NginxParser aware of directive Fixes #2059
2016-01-07 11:27:40 -05:00
self.assertFalse(server['ssl'])
Mark Nginx vhosts as ssl when any vhost is on ssl at that address (#3856) * Move parse_server to be a method of NginxParser * add super equal method to more correctly check addr equality in nginx should we support ipv6 in nginx in the future * add addr:normalized_tuple method * mark addresses listening sslishly due to another server block listening sslishly on that address * test turning on ssl globally * add docstring * lint and remove extra file
2016-12-05 22:17:04 -05:00
server = parser._parse_server_raw([ #pylint: disable=protected-access
Fix nginx parser (#4296) * rewrite nginx parser to allow everything that nginx does * also make changes in tls_sni_01.py * add test case with * allow embedded variables * allow empty ${} variable * fix quotes * un-special case if * update all tests to reflect current parsing * escape in QuotedString after merge * add test cases for variable weirdness that are almost certainly nginx bugs * update regex for correct variable rules * close paren doesn't invoke last_space * Make test file valid Nginx syntax
2017-03-24 22:45:53 -04:00
['listen', '443', 'ssl']
Don't mix tabs & spaces in Python. It's a bit silly, and might cause someone a lot of grief to debug.
2016-02-20 04:38:45 -05:00
])
Makes NginxParser aware of directive Fixes #2059
2016-01-07 11:27:40 -05:00
self.assertTrue(server['ssl'])
Mark Nginx vhosts as ssl when any vhost is on ssl at that address (#3856) * Move parse_server to be a method of NginxParser * add super equal method to more correctly check addr equality in nginx should we support ipv6 in nginx in the future * add addr:normalized_tuple method * mark addresses listening sslishly due to another server block listening sslishly on that address * test turning on ssl globally * add docstring * lint and remove extra file
2016-12-05 22:17:04 -05:00
server = parser._parse_server_raw([ #pylint: disable=protected-access
Don't mix tabs & spaces in Python. It's a bit silly, and might cause someone a lot of grief to debug.
2016-02-20 04:38:45 -05:00
['listen', '443'], ['ssl', 'off']
])
Makes NginxParser aware of directive Fixes #2059
2016-01-07 11:27:40 -05:00
self.assertFalse(server['ssl'])
Mark Nginx vhosts as ssl when any vhost is on ssl at that address (#3856) * Move parse_server to be a method of NginxParser * add super equal method to more correctly check addr equality in nginx should we support ipv6 in nginx in the future * add addr:normalized_tuple method * mark addresses listening sslishly due to another server block listening sslishly on that address * test turning on ssl globally * add docstring * lint and remove extra file
2016-12-05 22:17:04 -05:00
server = parser._parse_server_raw([ #pylint: disable=protected-access
Don't mix tabs & spaces in Python. It's a bit silly, and might cause someone a lot of grief to debug.
2016-02-20 04:38:45 -05:00
['listen', '443'], ['ssl', 'on']
])
Makes NginxParser aware of directive Fixes #2059
2016-01-07 11:27:40 -05:00
self.assertTrue(server['ssl'])
Add test for recursive file parsing
2015-04-07 17:57:37 -04:00
Don't crash on listen unix: (#4259) Fixes #4225. * don't crash on listen unix: * correctly merge #4221
2017-02-27 16:35:29 -05:00
def test_parse_server_raw_unix(self):
server = parser._parse_server_raw([ #pylint: disable=protected-access
['listen', 'unix:/var/run/nginx.sock']
])
self.assertEqual(len(server['addrs']), 0)
Mark Nginx vhosts as ssl when any vhost is on ssl at that address (#3856) * Move parse_server to be a method of NginxParser * add super equal method to more correctly check addr equality in nginx should we support ipv6 in nginx in the future * add addr:normalized_tuple method * mark addresses listening sslishly due to another server block listening sslishly on that address * test turning on ssl globally * add docstring * lint and remove extra file
2016-12-05 22:17:04 -05:00
def test_parse_server_global_ssl_applied(self):
Switch to using include directive for Nginx constants (#4557) * Switch to using include directive for Nginx constants * remove deprecated comment * give better error message when attempting to insert an existing directive * make code more readable * add docstrings * allow a duplicated directive if it's identical * comment out precisely repeated directives * add comments
2017-05-02 20:56:56 -04:00
nparser = parser.NginxParser(self.config_path)
Mark Nginx vhosts as ssl when any vhost is on ssl at that address (#3856) * Move parse_server to be a method of NginxParser * add super equal method to more correctly check addr equality in nginx should we support ipv6 in nginx in the future * add addr:normalized_tuple method * mark addresses listening sslishly due to another server block listening sslishly on that address * test turning on ssl globally * add docstring * lint and remove extra file
2016-12-05 22:17:04 -05:00
server = nparser.parse_server([
['listen', '443']
])
self.assertTrue(server['ssl'])
Create a new server block when making server block ssl (#5220) * create_new_vhost_from_default --> duplicate_vhost * add source_path property * set source path for duplicated vhost * change around logic of where making ssl happens * don't add listen 80 to newly created ssl block * cache vhosts list * remove source path * add redirect block if we created a new server block * Remove listen directives when making server block ssl * Reset vhost cache on parser load * flip connected pointer direction for finding newly made server block to match previous redirect search constraints * also test for new redirect block styles * fix contains_list and test redirect blocks * update lint, parser, and obj tests * reset new vhost (fixing previous bug) and move removing default from addrs under if statement * reuse and update newly created ssl server block when appropriate, and update unit tests * append newly created server blocks to file instead of inserting directly after, so we don't have to update other vhosts' paths * add coverage for NO_IF_REDIRECT_COMMENT_BLOCK * add coverage for parser load calls * replace some double quotes with single quotes * replace backslash continuations with parentheses * update docstrings * switch to only creating a new block on redirect enhancement, including removing the get_vhosts cache * update configurator tests * update obj test * switch delete_default default for duplicate_vhost
2017-12-07 12:48:54 -05:00
def test_duplicate_vhost(self):
Revert "Nginx reversion (#5299)" (#5305) This reverts commit c9949411cdc5a058d8114a430d98b45c80384650.
2017-12-06 20:45:20 -05:00
nparser = parser.NginxParser(self.config_path)
vhosts = nparser.get_vhosts()
default = [x for x in vhosts if 'default' in x.filep][0]
Remove ipv6only=on from duplicated vhosts (#5793) * rename delete_default to remove_singleton_listen_params * update docstring * add documentation to obj.py * add test for remove duplicate ipv6only * Remove ipv6only=on from duplicated vhosts * add test to make sure ipv6only=on is not erroneously removed
2018-03-27 18:11:39 -04:00
new_vhost = nparser.duplicate_vhost(default, remove_singleton_listen_params=True)
Revert "Nginx reversion (#5299)" (#5305) This reverts commit c9949411cdc5a058d8114a430d98b45c80384650.
2017-12-06 20:45:20 -05:00
nparser.filedump(ext='')
# check properties of new vhost
Improve assertions in nginx and DNS plugin tests. (#9157) * Improve assertions in nginx and DNS plugin tests. * Use assertIs for asserting is True/False.
2022-01-04 17:59:58 -05:00
self.assertIs(next(iter(new_vhost.addrs)).default, False)
Revert "Nginx reversion (#5299)" (#5305) This reverts commit c9949411cdc5a058d8114a430d98b45c80384650.
2017-12-06 20:45:20 -05:00
self.assertNotEqual(new_vhost.path, default.path)
# check that things are written to file correctly
new_nparser = parser.NginxParser(self.config_path)
new_vhosts = new_nparser.get_vhosts()
new_defaults = [x for x in new_vhosts if 'default' in x.filep]
self.assertEqual(len(new_defaults), 2)
new_vhost_parsed = new_defaults[1]
Improve assertions in nginx and DNS plugin tests. (#9157) * Improve assertions in nginx and DNS plugin tests. * Use assertIs for asserting is True/False.
2022-01-04 17:59:58 -05:00
self.assertIs(next(iter(new_vhost_parsed.addrs)).default, False)
Revert "Nginx reversion (#5299)" (#5305) This reverts commit c9949411cdc5a058d8114a430d98b45c80384650.
2017-12-06 20:45:20 -05:00
self.assertEqual(next(iter(default.names)), next(iter(new_vhost_parsed.names)))
self.assertEqual(len(default.raw), len(new_vhost_parsed.raw))
self.assertTrue(next(iter(default.addrs)).super_eq(next(iter(new_vhost_parsed.addrs))))
Remove ipv6only=on from duplicated vhosts (#5793) * rename delete_default to remove_singleton_listen_params * update docstring * add documentation to obj.py * add test for remove duplicate ipv6only * Remove ipv6only=on from duplicated vhosts * add test to make sure ipv6only=on is not erroneously removed
2018-03-27 18:11:39 -04:00
def test_duplicate_vhost_remove_ipv6only(self):
nparser = parser.NginxParser(self.config_path)
vhosts = nparser.get_vhosts()
ipv6ssl = [x for x in vhosts if 'ipv6ssl' in x.filep][0]
new_vhost = nparser.duplicate_vhost(ipv6ssl, remove_singleton_listen_params=True)
nparser.filedump(ext='')
for addr in new_vhost.addrs:
self.assertFalse(addr.ipv6only)
identical_vhost = nparser.duplicate_vhost(ipv6ssl, remove_singleton_listen_params=False)
nparser.filedump(ext='')
called = False
for addr in identical_vhost.addrs:
if addr.ipv6:
self.assertTrue(addr.ipv6only)
called = True
self.assertTrue(called)
Added test for valid/invalid unicode characters
2018-10-31 03:48:01 -04:00
def test_valid_unicode_characters(self):
nparser = parser.NginxParser(self.config_path)
Remove `unicode_support/` path in test case
2020-02-23 12:23:46 -05:00
path = nparser.abs_path('valid_unicode_comments.conf')
Trivial code clean-up
2020-02-23 12:48:21 -05:00
parsed = nparser._parse_files(path) # pylint: disable=protected-access
Added test for valid/invalid unicode characters
2018-10-31 03:48:01 -04:00
self.assertEqual(['server'], parsed[0][2][0])
self.assertEqual(['listen', '80'], parsed[0][2][1][3])
nginx: fix Unicode crash on Python 2 (#8480) * nginx: fix py2 unicode sandwich The nginx parser would crash when saving configuraitons containing Unicode, because py2's `str` type does not support Unicode. This change fixes that crash by ensuring that a string type supporting Unicode is used in both Python 2 and Python 3. * nginx: add unicode to the integration test config * update CHANGELOG
2020-11-27 12:15:27 -05:00
def test_valid_unicode_roundtrip(self):
"""This tests the parser's ability to load and save a config containing Unicode"""
nparser = parser.NginxParser(self.config_path)
nparser._parse_files(
nparser.abs_path('valid_unicode_comments.conf')
) # pylint: disable=protected-access
nparser.filedump(lazy=False)
Added test for valid/invalid unicode characters
2018-10-31 03:48:01 -04:00
def test_invalid_unicode_characters(self):
Add logging test for `_parse_files()`
2020-02-23 12:47:44 -05:00
with self.assertLogs() as log:
nparser = parser.NginxParser(self.config_path)
path = nparser.abs_path('invalid_unicode_comments.conf')
parsed = nparser._parse_files(path) # pylint: disable=protected-access
Added test for valid/invalid unicode characters
2018-10-31 03:48:01 -04:00
self.assertEqual([], parsed)
Update parser test to better assert logging output
2020-02-24 23:26:36 -05:00
self.assertTrue(any(
('invalid character' in output) and ('UTF-8' in output)
Add logging test for `_parse_files()`
2020-02-23 12:47:44 -05:00
for output in log.output
Update parser test to better assert logging output
2020-02-24 23:26:36 -05:00
))
Remove ipv6only=on from duplicated vhosts (#5793) * rename delete_default to remove_singleton_listen_params * update docstring * add documentation to obj.py * add test for remove duplicate ipv6only * Remove ipv6only=on from duplicated vhosts * add test to make sure ipv6only=on is not erroneously removed
2018-03-27 18:11:39 -04:00
Add test case for `_parse_ssl_options()`
2020-02-23 12:46:27 -05:00
def test_valid_unicode_characters_in_ssl_options(self):
nparser = parser.NginxParser(self.config_path)
path = nparser.abs_path('valid_unicode_comments.conf')
parsed = parser._parse_ssl_options(path) # pylint: disable=protected-access
self.assertEqual(['server'], parsed[2][0])
self.assertEqual(['listen', '80'], parsed[2][1][3])
def test_invalid_unicode_characters_in_ssl_options(self):
with self.assertLogs() as log:
nparser = parser.NginxParser(self.config_path)
path = nparser.abs_path('invalid_unicode_comments.conf')
parsed = parser._parse_ssl_options(path) # pylint: disable=protected-access
self.assertEqual([], parsed)
Update parser test to better assert logging output
2020-02-24 23:26:36 -05:00
self.assertTrue(any(
('invalid character' in output) and ('UTF-8' in output)
Add test case for `_parse_ssl_options()`
2020-02-23 12:46:27 -05:00
for output in log.output
Update parser test to better assert logging output
2020-02-24 23:26:36 -05:00
))
Fix lint issues
2016-01-25 11:39:46 -05:00
Improve assertions in nginx and DNS plugin tests. (#9157) * Improve assertions in nginx and DNS plugin tests. * Use assertIs for asserting is True/False.
2022-01-04 17:59:58 -05:00
Add test for recursive file parsing
2015-04-07 17:57:37 -04:00
if __name__ == "__main__":
Cover tests (fixes #402). 1. --cover-tests, to make sure every test is run, helped to find broken determine_account tests 2. fix determine_account test 3. unittest.main() # pragma: no cover 4. bump coverage coveralls.io always reported higher coverage, because it also looked at test files.
2015-05-10 13:34:25 -04:00
unittest.main() # pragma: no cover
Reference in a new issue Copy permalink