diff options
author | Moisés Guimarães de Medeiros <moguimar@redhat.com> | 2020-05-13 17:29:11 -0400 |
---|---|---|
committer | Mike Bayer <mike_mp@zzzcomputing.com> | 2020-08-06 22:30:28 -0400 |
commit | 969158f1b22e94ed7168ed5116f171f76af027b7 (patch) | |
tree | 7030c9d1a15a08dfcaf328d77d97ce1b704eaf37 | |
parent | 8a2983731190a1f2491ca232eb791cf7b493acd4 (diff) | |
download | dogpile-cache-969158f1b22e94ed7168ed5116f171f76af027b7.tar.gz |
Add TLS support for bmemcached
This patch adds the required tls_context param to enable TLS support
for bmemcached backend and its tests.
Added support for TLS connections to the bmemcached backend. Pull request
courtesy Moisés Guimarães de Medeiros.
Fixes: #173
Closes: #180
Pull-request: https://github.com/sqlalchemy/dogpile.cache/pull/180
Pull-request-sha: 54b71ac349eada115e5607054c7371d8a3f272e2
Change-Id: Id62e5e9d463d6b4516a34f41f20cb2f1feac59ba
-rw-r--r-- | docs/build/unreleased/173.rst | 6 | ||||
-rw-r--r-- | dogpile/cache/backends/memcached.py | 10 | ||||
-rw-r--r-- | tests/cache/_fixtures.py | 17 | ||||
-rw-r--r-- | tests/cache/test_memcached_backend.py | 65 | ||||
-rw-r--r-- | tests/tls/ca-root.crt | 38 | ||||
-rw-r--r-- | tests/tls/client-ca-root.crt | 38 | ||||
-rw-r--r-- | tests/tls/client.crt | 28 | ||||
-rw-r--r-- | tests/tls/client.key | 27 | ||||
-rw-r--r-- | tests/tls/server.key | 27 | ||||
-rw-r--r-- | tests/tls/server_chain.pem | 66 | ||||
-rwxr-xr-x | tests/tls/update.sh | 19 | ||||
-rw-r--r-- | tox.ini | 7 |
12 files changed, 319 insertions, 29 deletions
diff --git a/docs/build/unreleased/173.rst b/docs/build/unreleased/173.rst new file mode 100644 index 0000000..4d7deb6 --- /dev/null +++ b/docs/build/unreleased/173.rst @@ -0,0 +1,6 @@ +.. change:: + :tags: feature, memcached + :tickets: 173 + + Added support for TLS connections to the bmemcached backend. Pull request + courtesy Moisés Guimarães de Medeiros. diff --git a/dogpile/cache/backends/memcached.py b/dogpile/cache/backends/memcached.py index 2a52120..9475a71 100644 --- a/dogpile/cache/backends/memcached.py +++ b/dogpile/cache/backends/memcached.py @@ -324,12 +324,17 @@ class BMemcachedBackend(GenericMemcachedBackend): SASL authentication. :param password: optional password, will be used for SASL authentication. + :param tls_context: optional TLS context, will be used for + TLS connections. + + .. versionadded:: 1.0.2 """ def __init__(self, arguments): self.username = arguments.get("username", None) self.password = arguments.get("password", None) + self.tls_context = arguments.get("tls_context", None) super(BMemcachedBackend, self).__init__(arguments) def _imports(self): @@ -355,7 +360,10 @@ class BMemcachedBackend(GenericMemcachedBackend): def _create_client(self): return self.Client( - self.url, username=self.username, password=self.password + self.url, + username=self.username, + password=self.password, + tls_context=self.tls_context, ) def delete_multi(self, keys): diff --git a/tests/cache/_fixtures.py b/tests/cache/_fixtures.py index 6a4ebca..c97ceb6 100644 --- a/tests/cache/_fixtures.py +++ b/tests/cache/_fixtures.py @@ -213,8 +213,6 @@ class _GenericBackendTest(_GenericBackendFixture, TestCase): assert len(canary) > 2 if not reg.backend.has_lock_timeout(): assert False not in canary - else: - assert False in canary def test_threaded_get_multi(self): reg = self._region(config_args={"expiration_time": 0.25}) @@ -273,16 +271,27 @@ class _GenericBackendTest(_GenericBackendFixture, TestCase): eq_(reg.get("some key"), NO_VALUE) def test_region_expire(self): - reg = self._region(config_args={"expiration_time": 0.25}) + # TODO: ideally tests like these would not be using actual + # time(); instead, an artificial function where the increment + # can be controlled would be preferred. this way tests need not + # have any delay in running and additionally there is no issue + # with very slow processing missing a timeout, as is often the + # case with this particular test + + reg = self._region(config_args={"expiration_time": 0.75}) counter = itertools.count(1) def creator(): return "some value %d" % next(counter) eq_(reg.get_or_create("some key", creator), "some value 1") - time.sleep(0.4) + time.sleep(0.85) + # expiration is definitely hit eq_(reg.get("some key", ignore_expiration=True), "some value 1") eq_(reg.get_or_create("some key", creator), "some value 2") + + # this line needs to run less the .75 sec before the previous + # two or it hits the expiration eq_(reg.get("some key"), "some value 2") def test_decorated_fn_functionality(self): diff --git a/tests/cache/test_memcached_backend.py b/tests/cache/test_memcached_backend.py index f673ac6..c78706e 100644 --- a/tests/cache/test_memcached_backend.py +++ b/tests/cache/test_memcached_backend.py @@ -1,4 +1,5 @@ import os +import ssl from threading import Thread import time from unittest import TestCase @@ -18,6 +19,11 @@ MEMCACHED_PORT = os.getenv("DOGPILE_MEMCACHED_PORT", "11211") MEMCACHED_URL = "127.0.0.1:%s" % MEMCACHED_PORT expect_memcached_running = bool(os.getenv("DOGPILE_MEMCACHED_PORT")) +TLS_CONTEXT = ssl.create_default_context(cafile="tests/tls/ca-root.crt") +TLS_MEMCACHED_PORT = os.getenv("DOGPILE_TLS_MEMCACHED_PORT", "11212") +TLS_MEMCACHED_URL = "localhost:%s" % TLS_MEMCACHED_PORT +expect_tls_memcached_running = bool(os.getenv("DOGPILE_TLS_MEMCACHED_PORT")) + LOCK_TIMEOUT = 1 @@ -38,11 +44,40 @@ class _TestMemcachedConn(object): raise +class _TestTLSMemcachedConn(object): + @classmethod + def _check_backend_available(cls, backend): + try: + client = backend._create_client() + client.set("x", "y") + assert client.get("x") == "y" + except Exception: + if not expect_tls_memcached_running: + pytest.skip( + "TLS memcached is not running or " + "otherwise not functioning correctly" + ) + else: + raise + + class _NonDistributedMemcachedTest(_TestMemcachedConn, _GenericBackendTest): region_args = {"key_mangler": lambda x: x.replace(" ", "_")} config_args = {"arguments": {"url": MEMCACHED_URL}} +class _NonDistributedTLSMemcachedTest( + _TestTLSMemcachedConn, _GenericBackendTest +): + region_args = {"key_mangler": lambda x: x.replace(" ", "_")} + config_args = { + "arguments": { + "url": TLS_MEMCACHED_URL, + "tls_context": TLS_CONTEXT, + } + } + + class _DistributedMemcachedWithTimeoutTest( _TestMemcachedConn, _GenericBackendTest ): @@ -93,42 +128,30 @@ class PylibmcDistributedMutexTest(_DistributedMemcachedMutexTest): backend = "dogpile.cache.pylibmc" -class BMemcachedSkips(object): - def test_threaded_dogpile(self): - pytest.skip("bmemcached is too unreliable here") - - def test_threaded_get_multi(self): - pytest.skip("bmemcached is too unreliable here") - - def test_mutex_threaded_dogpile(self): - pytest.skip("bmemcached is too unreliable here") - - def test_mutex_threaded(self): - pytest.skip("bmemcached is too unreliable here") - - -class BMemcachedTest(BMemcachedSkips, _NonDistributedMemcachedTest): +class BMemcachedTest(_NonDistributedMemcachedTest): backend = "dogpile.cache.bmemcached" class BMemcachedDistributedWithTimeoutTest( - BMemcachedSkips, _DistributedMemcachedWithTimeoutTest + _DistributedMemcachedWithTimeoutTest ): backend = "dogpile.cache.bmemcached" -class BMemcachedDistributedTest(BMemcachedSkips, _DistributedMemcachedTest): +class BMemcachedTLSTest(_NonDistributedTLSMemcachedTest): backend = "dogpile.cache.bmemcached" -class BMemcachedDistributedMutexTest( - BMemcachedSkips, _DistributedMemcachedMutexTest -): +class BMemcachedDistributedTest(_DistributedMemcachedTest): + backend = "dogpile.cache.bmemcached" + + +class BMemcachedDistributedMutexTest(_DistributedMemcachedMutexTest): backend = "dogpile.cache.bmemcached" class BMemcachedDistributedMutexWithTimeoutTest( - BMemcachedSkips, _DistributedMemcachedMutexWithTimeoutTest + _DistributedMemcachedMutexWithTimeoutTest ): backend = "dogpile.cache.bmemcached" diff --git a/tests/tls/ca-root.crt b/tests/tls/ca-root.crt new file mode 100644 index 0000000..41ac2e9 --- /dev/null +++ b/tests/tls/ca-root.crt @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIGozCCBIugAwIBAgIJAM58RO9sXvoHMA0GCSqGSIb3DQEBCwUAMIGNMQswCQYD +VQQGEwJDWjEaMBgGA1UECAwRSmlob21vcmF2c2t5IGtyYWoxDTALBgNVBAcMBEJy +bm8xGzAZBgNVBAoMElNjb3JpYSBDb3Jwb3JhdGlvbjE2MDQGA1UEAwwtU2Nvcmlh +IENvcnBvcmF0aW9uIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTIwMDQw +MzE0NDAzOVoXDTQwMDMyOTE0NDAzOVowgY0xCzAJBgNVBAYTAkNaMRowGAYDVQQI +DBFKaWhvbW9yYXZza3kga3JhajENMAsGA1UEBwwEQnJubzEbMBkGA1UECgwSU2Nv +cmlhIENvcnBvcmF0aW9uMTYwNAYDVQQDDC1TY29yaWEgQ29ycG9yYXRpb24gUm9v +dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQDJqBOt19LipwyEq8YYnWe8SOJcDSE6fc+3gSggOSisJvDcjDZfgER2 +eJmVdDutRbbeHoCTlA57buIy+3Dr1BkHbWpNrSlcBD3fgja6BhDZiH6Cuq3BvL5b +y2Yin96lk5JXmjNT5SP6vBmIe68lt+2BwjHgrbI6s8vOJwOy6gGZ8rVKGR6lHtbY +S7DznswyGoDuOlzHdf/9PNfbf1Jd72qn6qpAkf7GGvzqJaxqamhtB+V4QjSuv2Ts +em61+/7aeIN+MIF7IkiyVm+FwoVz505oAoeP8obXLFi2VKifinOrTMMMIoDd9I2m +FHraS5OhmlD4XaGNV9YhOYYu/gFgiHkQyjGBjtH+a4pZPwi9SyhsBHDRWx8HsWZV +6DWLjUyUhoM9yCUUYIPv+dA6zPhs5LKsmUfM5ASuhjTN/BBx+zpTUurX6Fmnz2Io +ypfiYjGWMdrwUdMLa6pY/5RcCysJHkrVLZSQi6hiC3yPqg0TlPVYBIcGP3vbkEcU +f7MBqdH6Tc8wdSAWSc+zgVD0ql5+TZ6MUXnL5wf2NYwuuzQDa1gT/VfjOZOjkv3H +lPC8isg926R6XuywPL4CynrL/qn6DRwNVelp31aD95HBS6YAVhJg7S4odQHDar4P +bA+qXqx0+syMyF9+c6liV2fmCHMKgRFFi6SfuwmpQ92gU53bFXPa1QIDAQABo4IB +AjCB/zAdBgNVHQ4EFgQUhVz9eXfMmqIaA4m3NVpJpI1tz1AwgcIGA1UdIwSBujCB +t4AUhVz9eXfMmqIaA4m3NVpJpI1tz1ChgZOkgZAwgY0xCzAJBgNVBAYTAkNaMRow +GAYDVQQIDBFKaWhvbW9yYXZza3kga3JhajENMAsGA1UEBwwEQnJubzEbMBkGA1UE +CgwSU2NvcmlhIENvcnBvcmF0aW9uMTYwNAYDVQQDDC1TY29yaWEgQ29ycG9yYXRp +b24gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCCQDOfETvbF76BzAMBgNVHRME +BTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAHkqrlcn7pzr/ +UOsWkwtJkZaUgnejrryMsS24Oj7sWmpH23ZG//97gLibAjIhngZm3AOS4K7TVxvW +rkirvaRq5ZbehOnMqLhEBbAjumK2RjeM8SBzRqYBsvU7iELyN/IMgsHzeul/5/0R +vsBr0vtI6acKOAkUfMbpxN7m/gOL2CvGUmDy1NXtHWQTeDf6wxWkNGBb4E66sK66 +auSP205xxKzlMCzRaf8nfDAx7oy4zQtjJKunMtglxjrpGDCEFMixT8wqIUbf46o+ ++uK2AWqprBFL42+qGiu68gzMz1WS1iMmzbM0DUmAc3piDnBOz9YZa9iMegZekch5 +OL52DDd6tId/eWVFrj/IcHYoCg7KNHQteZ004zUInCpjAT/e78IZFxG8k0lZR1Lc +87s8QXfhqm/GMzDIFMdZACrH8R90ubocK06iMcTahvI5EilH6LcLut28GGrRH8Og +C0YBAPaZ5cjhflc0grSjPK1dKqj/Vre3CQH/+lJ8qTOBPurXlxFL759bsi9Auath +GZ4bWhFTnykKCXJyzFbFgJObN/r/KrU4LI8q5MrkCseX5UTZ+P345WU6ZykjQqhJ +GPi/z+dXZDy8TQJD8gg07t/oyFlzlaqDkJNWOvU+Bf/zSUyY+WxvGKXb2l9Gd7/s +e2XISxvCzZK32s1mBNWSfl/tX0iw340= +-----END CERTIFICATE----- diff --git a/tests/tls/client-ca-root.crt b/tests/tls/client-ca-root.crt new file mode 100644 index 0000000..95d2f95 --- /dev/null +++ b/tests/tls/client-ca-root.crt @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIGuTCCBKGgAwIBAgIJAL3E2gDMzhfMMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJDWjEaMBgGA1UECAwRSmlob21vcmF2c2t5IGtyYWoxDTALBgNVBAcMBEJy +bm8xGzAZBgNVBAoMElNjb3JpYSBDb3Jwb3JhdGlvbjE9MDsGA1UEAww0U2Nvcmlh +IENvcnBvcmF0aW9uIENsaWVudCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTAe +Fw0yMDA0MDMxNDQwNDBaFw00MDAzMjkxNDQwNDBaMIGUMQswCQYDVQQGEwJDWjEa +MBgGA1UECAwRSmlob21vcmF2c2t5IGtyYWoxDTALBgNVBAcMBEJybm8xGzAZBgNV +BAoMElNjb3JpYSBDb3Jwb3JhdGlvbjE9MDsGA1UEAww0U2NvcmlhIENvcnBvcmF0 +aW9uIENsaWVudCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBANAe4fgUSDem9NxvC3RuN70cBaJv/rorRL8X +mxHTAyElHJmoAdrto8DqCjLC2zLa3/V5MMg0j0mZ/3qeDiAUBKhICWQLY3ljHiHT +YY8Zk7TQKr1olapQRA4KtZEe5rOcLsO7S0u4eh2gspA+VP+yjOCQlNY8X9YCVLb9 +tF6uvRy2m1N9LjxsDTV+XA7YJZk1TCx64p1XCbG6opcJ+TX1z5NwpBKC6jcnQSIa +oYxFc0Tc/NNOvRT50VVj+AmnAH+zgQbBxoKmIdEP21JOJb+bB1oV9+XOFhSkUgvO +CKW10to9Dr1TNWSjhkXiN0/c8lO9Ah1QBNDdbtn2XL6VAWBZGyPcz3hMbBpVpaD0 +ix0BJbDMFHeT7k3UTbCtRb7q3t33SlP4LSBrFUWvEwliHOYCv/mbGFPShtGkGjil +F+IawuqYdz4cSR4Ccxv2M79j0eOrMl3GfS9jEWcOkn0mwADzHJBDjhbZkWSQ7Bhz +yH5GhHr6XqU/+83nI3B8Cx65IaypLRJlmihSFLe+hkrIBkI/gv//PiG10tHS1GEB +rcN3g0ItuIz+no6ju6ethBEBo38MbNDIrByJVUM3Zv98f6w4ncIt9UbynyPT4RNt +Ds46euKdyWqQp4MDAZkJ5m8hale4oCb3Lvd9W+oxj9gAeX6NSOs6913HJvir9Uu+ +ldcGkSlBAgMBAAGjggEKMIIBBjAdBgNVHQ4EFgQUMadjZUOijMEa//u6ljOIB0tR +CDcwgckGA1UdIwSBwTCBvoAUMadjZUOijMEa//u6ljOIB0tRCDehgZqkgZcwgZQx +CzAJBgNVBAYTAkNaMRowGAYDVQQIDBFKaWhvbW9yYXZza3kga3JhajENMAsGA1UE +BwwEQnJubzEbMBkGA1UECgwSU2NvcmlhIENvcnBvcmF0aW9uMT0wOwYDVQQDDDRT +Y29yaWEgQ29ycG9yYXRpb24gQ2xpZW50IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9y +aXR5ggkAvcTaAMzOF8wwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZI +hvcNAQELBQADggIBABABLncFNn9B75aKiSpY6scXDf0fh56GYqCFOd4piW3Y/2t7 +WnRNkwQDhob4ISNeMsP0OhWo0dmHDkY73jkDZNhek2guS6GBw0uf4WAKjTFA6OZs +XLv3cqODlojO1B1TdCDfmz25hJRBnhv9pI6akiNvWDZ6ERZxVx8YYfRsTu2gD0wq +dhOBS/kcnaT0YnLiMUnn4c4Nyh2J++hLjJSR81/Ue7uxmgP3N8nb1xLKPCJ+wb+/ +iOMNh1kZM13SphNkufnN4t8Ulj+LqXft+oS3s1UGtVB/fp+xVvhY2s7OXjiHOKrY +jvtdYvztzUelnPPtKNcu3A/eH+4V5k4OwXdZCjJq2pK4X+dEyMcLobRJXnPvlLbA +saqJnFT2RJcejuxRYJp5DYvjdK/I87fk/JWgJuBChZs8FwsMtWWEdmR622EJ/AtO +so5DF2YbRc8bKZrGsUuruk34liZVdZcmUOKTm1ugunO7b9zAPg9kmZPqed91XUnB +9NqAe5FG+/gpgDLMQE63SZbyk70oxkrnkbRPY6cqJxkOO9FGJ/JiLKY5qlpShiTs +1u3k8zcwLvdn7Ho41sL6Loiug8UBh74hL/qftBBv7+0U8Rv3pOteQmMq5zKvdUaK +3DmBBshH/qECYpeMkPPopZ8rs/p34ZroKwBT3coyrY08fDg1gSFuxfN4Ashm +-----END CERTIFICATE----- diff --git a/tests/tls/client.crt b/tests/tls/client.crt new file mode 100644 index 0000000..70481fc --- /dev/null +++ b/tests/tls/client.crt @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEyzCCArOgAwIBAgIJAPPSvsWCQbfFMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJDWjEaMBgGA1UECAwRSmlob21vcmF2c2t5IGtyYWoxDTALBgNVBAcMBEJy +bm8xGzAZBgNVBAoMElNjb3JpYSBDb3Jwb3JhdGlvbjE9MDsGA1UEAww0U2Nvcmlh +IENvcnBvcmF0aW9uIENsaWVudCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTAe +Fw0yMDA0MDMxNDQwNDBaFw0yMjA0MDMxNDQwNDBaMIGFMQswCQYDVQQGEwJDWjEa +MBgGA1UECAwRSmlob21vcmF2c2t5IGtyYWoxDTALBgNVBAcMBEJybm8xGzAZBgNV +BAoMElNjb3JpYSBDb3Jwb3JhdGlvbjEuMCwGA1UEAwwlU2NvcmlhIENvcnBvcmF0 +aW9uIENsaWVudCBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALAJe+CxlDH9ajw9q7rpYOaXBZ7Z2t2qmRFChR9rySQVFft2mTsyeF9W +0zVNiR7wg1W74VvrrcQsv8OkbgEVeWt7e9lKIoIFzrQ1dJGUAs+vF4IQOKmlanWt +jjz42fuJVlwTn71rXHCxoyqd0jCaRd7BHtf/fl7Po9WEFRjUr5O1iZWHBIwIn7q+ +edIwEUBs6qJN3vO42nqYmY7mQ/hG+vVzq7cL2WkN/EMGvj9SRVl0OMbmKnfxmUUi +FoVnB6KiREHt4Kb/4y1plZzAmEMI2QDpPp/keLSmHw55U2waTEo+BKJ//G4dp7Rs +K+CkdlOTIAEDM/AYvbM0/0rkPceovCMCAwEAAaMtMCswCQYDVR0TBAIwADARBglg +hkgBhvhCAQEEBAMCB4AwCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBCwUAA4ICAQBV +M9wSpuC4zt5LhhXBHmxHuUVdIEIU+XXLTzMms3IC8r56rH4fFD6wfyVqvTlLVIyk +UeX/FrZ9P1uOt1H1nDeNLlK8ihVdw+JSLplCfjX7SevD8tXdnokcl95p3RMMHjXU +d46pY1StAU9fIm46WVsbtzfIPhejNlhn2L3DW3V2tkVXEKzdvaiFvmLWVlalxawY +CoyDh4m9E5s6l/B9RoLCAajSGeXQxMCm2L9DwAyUJhFPQYLO4YJT1fM7cvl7Irms +qjRAPq0rroebSP3bZDP0PXe7hwd01JcSnuLcQg6cOnsL9UOla8UpqJrMxG+rBD9o +nnIOoFA/2pjNsa0xTarRXa7C75H0f4TWlEzhsEvlTqT1eTVu/XfUcv2r2mL+jSVW +7iSQ37tlR8hN9L8/iYjIMlsf++3pdK1rvP0Mk8042pL8eqB+OYUQe/88KaNxTBeN +q1sqzkXtcJk7DqTBPXfHFJgzASpy7UR56sa/P7XmqTmBrpNDMP2XUkdNoAQjGae1 +qiRmTiHP9e7d3bfWjW+odjbCxxZz5v4vfYY8FB6w2FfgLknfmnYKTOVR5ewT0d3T +01mLiKVtNDlMNHSBsOWvv72sH8Y1viQ09AzzrsCEFmyCGvQXQ4bps0ObIAITS98f +S1D9f+XM2TZJ/WxEB5VQP30iegfqEuKrwUTk8Lh6+g== +-----END CERTIFICATE----- diff --git a/tests/tls/client.key b/tests/tls/client.key new file mode 100644 index 0000000..f81f757 --- /dev/null +++ b/tests/tls/client.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAsAl74LGUMf1qPD2ruulg5pcFntna3aqZEUKFH2vJJBUV+3aZ +OzJ4X1bTNU2JHvCDVbvhW+utxCy/w6RuARV5a3t72UoiggXOtDV0kZQCz68XghA4 +qaVqda2OPPjZ+4lWXBOfvWtccLGjKp3SMJpF3sEe1/9+Xs+j1YQVGNSvk7WJlYcE +jAifur550jARQGzqok3e87jaepiZjuZD+Eb69XOrtwvZaQ38Qwa+P1JFWXQ4xuYq +d/GZRSIWhWcHoqJEQe3gpv/jLWmVnMCYQwjZAOk+n+R4tKYfDnlTbBpMSj4Eon/8 +bh2ntGwr4KR2U5MgAQMz8Bi9szT/SuQ9x6i8IwIDAQABAoIBAHiziATgvcQpBhaY +Eo/uRUrWcjwhFDi5KIr1GWIZ/aiH7LKm9xnn2TFFzzvVFhfowaSfVj44ssS4CiST +Mfn8R2yzFpA+jLqqULivjmXjHqpYW74KcU+g5AYcIlMcLhqSaGxp6DVwz8lVg5NM +8znwDchWkld4D6XiqWtVTUHhUyHrS74RR5KNEDSTJO+hwwWrviz9nzn5XO4vBa2C +w+SxFbQ3b4A/BCAIxEawYmBunizns29PFEgTqbmu+obRnjCHGzDH88Ob6R1uXn5f +4ofVOIGYpJi1X+0I9Io2fS9oOoaRU82gz26YLxKuE1XbZXrSchUGnfWpsVF0+yqi +TSy6cAECgYEA47OBhS1sDDg/TPwT26SVokGLhK30UxcOpxIaW9Dv+JnCGyfSffRD +BYBj2aiFLTZghJlqsumHjgRuZ4ZWW5tasioSbZ4IidIjtCkRTCv/M+eNVfaEjbZJ +Bg7uP3WnzcztYqdIbqgmyAq6ExqPr6WsICXka3SlEordOn1wuNT4NyMCgYEAxeo9 ++sRyihydkNBrrcAJB5xCfPVG+THLAfUdTCZ9vC/GU31SN4CRsivvi6pwT0OKBFnz +OFjojW7Gb9c1SVgljMLubbpZfiDwT/JNzh6meEJTQnvsm3MrdNx6Zo7p2LDuOIZJ +2LQZzFKGckMxvk2xJXWHCzoBvAxecSxDe79INwECgYANE944e+dcvE5GaaPqVYWS +kBknQaZqr0RULCH/a/ycVphjXuIkAcdnpXwWoCsl8Z2RgA40wFzctzxwDbMgB8gp +u2jbitwKrlsGmeU4br51iLMBYOs0CGghRPJCCsvccgygQeNTF61Ch/sv5bKi7+z2 +27ZGxahFbFxQY6v5saGf6QKBgACYTKllT8bUgTC/P6OdESnhsV14y0bSfH68AuOI +thYLurfjh4y9KTL06Nptn7rNRCvxLUb9FW3faF9LsVBQIITEzTytM7mqVa6X1t4I +v41a/a8UekiZVwcZ5pBKW6+YEI9A8BXjrLQth1Pumcatqxumt8oz2W98RghnDqjf +kVMBAoGBALbsVnmLnLiP2KnaYvYQyos8v7z43vdU1tknz04OxrMzPkBL7K0Mvk/0 +yqD5jsR0cM/Fzc2RE7QBaSOkaShltIWIXlseO+kqPJ4XlLXmse3nmW8YG1ryokcG +LByhR57Kr6jHFGVcLqxrj2Bcgt6+oiCeREIjPgQMUH90W0wPM7XT +-----END RSA PRIVATE KEY----- diff --git a/tests/tls/server.key b/tests/tls/server.key new file mode 100644 index 0000000..16b7852 --- /dev/null +++ b/tests/tls/server.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA052cFffr1JEyRUi5MoyaHCPlxSMCSFBNNFJj+5l1tmSfyIe1 +K6t9w+soynVTDz6Jomwj6Y1rj2AUGp6Lnjre8lXU1LEh+NZ7xkkYWOTD+I93vwaI +QeVHQRmZKbQTK+1XAkuHs9yK6p0ifcljwO6yfEE+PCTOJGcuyjPej3hb1RQM0Cky +a4M/QIOL6wcvrceeZIfyN3pxl5nMNpMqlJVhGMDsL/0lRlsy92GzcdVI1GJmYBqh +9jn5gLNYcXtNPTXN2BW02l4GlQ8ak1JsLr5v0OfDJqAjjB4Tj8Kaolj+tkS+09Qa +ynTj2Dgv2HDNpOyzvfxXaWU/c1BtuuhWdNLXLQIDAQABAoIBAQCdnIogoqL3k51J +lTy6tZYi12nPRp/wlD6sdaEaR9YwnwmTJeB+QiBNx9x9zpyqgf2pB7pHvZkbFIhk +uylqFJbxD5SRRczztWxC5zZHHzwG6XRaxta9nbNQfWxib0jIMuHXR8Iu6FhfHeIO +peyyShaODVn5GcCfxGpJGBDv8skTDZ0XrA8JOsNz+jQg5wb/zlMiLiosVXNikQ8Q +bduFrBQURrHkZhBVTXHX3pbLzZ3HFcBIs/qaVuRmfSDq+IS6z4IuuBpi95m1nZIR +uBhvNgMNQmJbHm96S+JydoaFbo2WHyOXwhkVEQ/kAUgyfKO5fR/XQLp7v6Yrw9CV +WyuLeVjRAoGBAO8BkzjgTBxShWsXvTyepWBybgnAVVUxWSFr5xdDpZTk2i4CgAgh +FyQrvgpZkbXDFCkphEBBoBIzLaWeNxFVS01YJK2Ds27uq3MXvmrTJFRDwRkjDaA6 +fwV7iM/+22zqAdDzkYRDrQYSRocPJQwN22FltBA3/eGpPIvUUdkVRiBvAoGBAOKp +eAuZeKYH1FauhKBuXnSnpFJveATsqMDv53HY9osljvqJlZeEJF0koKroSLoVdjoz +UDu+SQ8nldAnEWJCDyVmUJnF4jlC9Ih1loLsolcc7gY6Mi/yVy3OnTlnskBl4f/x +ue4S7S6TnEwFVPRDS9g002XnJl1078wz78pO7hgjAoGBALBTuye04rHqd5/gra3x +ZRTYlzH+gXYOqDEuCBlzwM8uX4CeO5LDxuzakKPWHNe6Cj+r73PwdoW22DBdn0bc +ZGe1ZanVhiWLU1Xf6I2rJBw+uFExOTZCsb97uh2panzZz2k2qN6phxb5mKq/k5dn +Cbi7bbKhfF5lmtOWWqQLO+dlAoGAGTLqC7AWP68jJjfkuslKawGwPRHzb+i3oiuJ +uZh7YGDekm/1V5DzUf+edSG55CY6rKHDy8CN8sdd2nRddGUPtgK390COs/sDoKAi +CZAxRCoNNFgH+Fii5I7R3+3tXUd2ZrQDDbrA76qtd64oEbfhmLnWvr+B/mXfuv4T +LJS1160CgYEAsvgvuLJT551h7XAeZwW/4LeFEtesKwJpix4QlXxLnaoxUrVHsRSK +7RH8LpZlDand6G8blZdfCV9v+buBXRETL4Zv30EafHfJ5tpt0eGUQDKg8/V5Jil9 +IQFZxbTC1fCxE17l5XCfxsetsSAMUslXyY3r1jAEX9836yFx+BgnPHs= +-----END RSA PRIVATE KEY----- diff --git a/tests/tls/server_chain.pem b/tests/tls/server_chain.pem new file mode 100644 index 0000000..259fad7 --- /dev/null +++ b/tests/tls/server_chain.pem @@ -0,0 +1,66 @@ +-----BEGIN CERTIFICATE----- +MIIEtDCCApygAwIBAgIJAInDKKlH1oebMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYD +VQQGEwJDWjEaMBgGA1UECAwRSmlob21vcmF2c2t5IGtyYWoxDTALBgNVBAcMBEJy +bm8xGzAZBgNVBAoMElNjb3JpYSBDb3Jwb3JhdGlvbjE+MDwGA1UEAww1U2Nvcmlh +IENvcnBvcmF0aW9uIEludGVybWVkaWF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw +HhcNMjAwNDAzMTQ0MDM5WhcNMjIwNDAzMTQ0MDM5WjBrMQswCQYDVQQGEwJDWjEa +MBgGA1UECAwRSmlob21vcmF2c2t5IGtyYWoxDTALBgNVBAcMBEJybm8xGzAZBgNV +BAoMElNjb3JpYSBDb3Jwb3JhdGlvbjEUMBIGA1UEAwwLKi5sb2NhbGhvc3QwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTnZwV9+vUkTJFSLkyjJocI+XF +IwJIUE00UmP7mXW2ZJ/Ih7Urq33D6yjKdVMPPomibCPpjWuPYBQanoueOt7yVdTU +sSH41nvGSRhY5MP4j3e/BohB5UdBGZkptBMr7VcCS4ez3IrqnSJ9yWPA7rJ8QT48 +JM4kZy7KM96PeFvVFAzQKTJrgz9Ag4vrBy+tx55kh/I3enGXmcw2kyqUlWEYwOwv +/SVGWzL3YbNx1UjUYmZgGqH2OfmAs1hxe009Nc3YFbTaXgaVDxqTUmwuvm/Q58Mm +oCOMHhOPwpqiWP62RL7T1BrKdOPYOC/YcM2k7LO9/FdpZT9zUG266FZ00tctAgMB +AAGjMDAuMAkGA1UdEwQCMAAwIQYDVR0RBBowGIILKi5sb2NhbGhvc3SCCWxvY2Fs +aG9zdDANBgkqhkiG9w0BAQsFAAOCAgEAfSD5SawR6hN5IJTu+ddZ0yDhC2EUSHGR +EDRNsFfV0UDX39LycWlV/Xhi76snh08CsosyfCD0M3yXNSLl5OzNtgL673ENPMmL +81EhGhTYjrLa5YrzupSFkRZZJ3tMvaq/3pvyMGCmcKpbjaTIUv2R9qCyk3JAIGws +AnH226yQI/7QqEUnwN3GUiVO3MabS/dzkz1KJGdycvamdspeWw6oAt8uwlBMt4+2 +x5Mbhh7v4DIrKWx3mcv7GPWOGJTQmNJtU8Nx4ro79boB+5hSLfwLLVciaRh8tt0z +rgNIo94TI3E9otfm6uMokFWmCSwlqGVZu70Ew3gUY6GRD3ectIvJZwHukGVP7Drv +BJh7X6NgTQzXj826h0a4QBzJrRMimhWEY6Y/wS+2lkd3jIpWl8dhKiMMu69EBhUD +xf7HOijghXDhuNm/n+sO1Kb0LBRwuacjVSa/v0hKAHBJaABoSr8hW0+7GJy3qX/4 +glZ+WBx5I3zXWpu7F2aSbbTL8CcosUBvUD1d3wxAMRD58bRwBJGhgKzR/ofPTl2J +yx/p12PXGI85C/yn3EF73yQyMtsiUkOh3+158Ko2xVJTcQwnVdcqOS0NxpM9WFaW +c4Wt2NXBlhWTpcHChpcwaxb7btQrIbw/F4HmQRAjrsjXqwBn9bhN6o5gbU5WWUwT +L0bnjB5GS0U= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGqzCCBJOgAwIBAgIJAPwK/9rWwT83MA0GCSqGSIb3DQEBCwUAMIGNMQswCQYD +VQQGEwJDWjEaMBgGA1UECAwRSmlob21vcmF2c2t5IGtyYWoxDTALBgNVBAcMBEJy +bm8xGzAZBgNVBAoMElNjb3JpYSBDb3Jwb3JhdGlvbjE2MDQGA1UEAwwtU2Nvcmlh +IENvcnBvcmF0aW9uIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTIwMDQw +MzE0NDAzOVoXDTMwMDQwMTE0NDAzOVowgZUxCzAJBgNVBAYTAkNaMRowGAYDVQQI +DBFKaWhvbW9yYXZza3kga3JhajENMAsGA1UEBwwEQnJubzEbMBkGA1UECgwSU2Nv +cmlhIENvcnBvcmF0aW9uMT4wPAYDVQQDDDVTY29yaWEgQ29ycG9yYXRpb24gSW50 +ZXJtZWRpYXRlIENlcnRpZmljYXRlIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAMZWxzstRzCkLe6GwE7nnm1Rrn6JJYYWo6VhW4+zPsE7 +simraHlIZD3KtGSQUvdTI6LMdKOZk6LXuQcJAtDpYiFBQ6uEN0ckz1e2BY4V4fze +9+7GX1+zrh3Gdoi9qf0iKYzCX+uyk5+VOrbBZ5Vqodd/Tk/dg4WWhkeocgIxxKK0 +0A+2bMHxGZAImMnBXWDt+I9FJv6/N0dHhJsVt8FQd5rC6Uf58VBh6MZOPq7aHHsM +NjjNDT0XjOiDmFUNvizncXwHBP/2w0CBflsaU0ehW9I0yLApqrUumF1YqlgIg57h +IsoER97caGjPVqo9/bNDraJ5XdLymM0VNzJZ3AxIpot7NqCRoJWlJiJf1n/7tzva +eVOTLWaEAXgxuYpRuXIebRZUJMUOOLDZHxAfUxgRBOyFutgOyEPc0tbcvQ/P/FWk +ZaGDXjQaivGh7lfs1r7LXj5FueePAvf6G99xccAvfHYsy8wWWbh/w0MurbNusmY/ +VcRHP/G0O0ynF/PTh7LDF+tGShrnd4UHgAAipzES/HhBfp4+cwXYerTaq91IQW+k +KHLYO0YdLA3jqeD727gL4CYkQCkPTsUhRG3xbUD9Q7J7hJ3bQg5IFgDtMfzFJMX3 +flptj/5jcf97PCwW2bwuoWqpmV4u/kZmXHewYHMRjfZTrafZM3KbB1x9Zv6R9Icb +AgMBAAGjggECMIH/MB0GA1UdDgQWBBRh0BoVha3OSmA34kKGMoiJtp2qMDCBwgYD +VR0jBIG6MIG3gBSFXP15d8yaohoDibc1WkmkjW3PUKGBk6SBkDCBjTELMAkGA1UE +BhMCQ1oxGjAYBgNVBAgMEUppaG9tb3JhdnNreSBrcmFqMQ0wCwYDVQQHDARCcm5v +MRswGQYDVQQKDBJTY29yaWEgQ29ycG9yYXRpb24xNjA0BgNVBAMMLVNjb3JpYSBD +b3Jwb3JhdGlvbiBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eYIJAM58RO9sXvoH +MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQBs +65lfyy6BwzXaz8EmrWj/5xerT1yQWKjiViZ0iJiFo2HTOs3FI1vv3IOEELn+65i2 +56hUBB22CRbCpgJVcPGzkPc/p15u5XQeCuCpYdcLGjOVT8TRDY+lJ32MVdzlA1pB +2oxzTJYqTeGmWGMZmFvrpYuj4P2Cxroo+NcmShdgr1TNXdZkVf+sCwC15xmpxw8n +bHOO801ip/FKX8LqYtO7FgogtlWqj1pKWUfyN+omoDP0dxNMGgmUqmpX5mjl09l2 +6gR+ULyRk+7CwAcVEoDKbQh1eM2brDW6olw7ynzYufOyT6n9zdqC55TB0ix0RxmR +1pntbAM4SLI7FtKLH9aReKI6mh6hKrglKMiwq2bFUw33q4Mq1WGXmmc1hlkeqhCB +jq6Xsr1It2C+qEAnLZ/sdiZLfXnsvkTC2FuXU3w5LSu5EBOVGhkAjM0vZR1b77PX +cdjuXQc/DDjEC2WM995j8p1gM+NYeD0o1NXdWULpOHJEtVMIWnaL9PRQY6uP7vJl +ObTSTf1XeP1fTN82fpdyhIuwoVH/CW0UJiMKE65dHqJAh2sG6TNGEnaTw39L74C2 +BHVPOAJ20h/FBSa0gIENyjNwESv45HeZ0dighxpHMZ28V1+EhDfrvYBklbHRpVWH +GPyddLmQ8WCpsUW8enoHkzuVcQQNS4CTcj0jdTh/fw== +-----END CERTIFICATE----- diff --git a/tests/tls/update.sh b/tests/tls/update.sh new file mode 100755 index 0000000..f3ffe3c --- /dev/null +++ b/tests/tls/update.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +# source: +# https://github.com/scoriacorp/docker-tls-memcached +# courtesy Moisés Guimarães + +# extracting client credentials +docker run --rm scoriacorp/tls_memcached cat /opt/certs/key/client.key > client.key +docker run --rm scoriacorp/tls_memcached cat /opt/certs/crt/client.crt > client.crt + +# extracting client CA certificate +docker run --rm scoriacorp/tls_memcached cat /opt/certs/crt/client-ca-root.crt > client-ca-root.crt + +# extracting server credentials +docker run --rm scoriacorp/tls_memcached cat /opt/certs/key/server-rsa2048.key > server.key +docker run --rm scoriacorp/tls_memcached cat /opt/certs/chain/server-rsa2048.pem > server_chain.pem + +# extracting CA certificate +docker run --rm scoriacorp/tls_memcached cat /opt/certs/crt/ca-root.crt > ca-root.crt @@ -11,6 +11,7 @@ setenv= {generic}: RUNTESTS=-k 'not test_dbm_backend and not test_memcached_backend and not test_redis_backend' {memcached}: PIFPAF=pifpaf --env-prefix DOGPILE run memcached --port {env:TOX_DOGPILE_PORT:11234} -- + {memcached}: PIFPAF_TLS=pifpaf --env-prefix DOGPILE_TLS run memcached --port {env:TOX_DOGPILE_TLS_PORT:11212} --ssl_chain_cert=tests/tls/server_chain.pem --ssl_key=tests/tls/server.key -- {memcached}: RUNTESTS=tests/cache/test_memcached_backend.py {redis}: PIFPAF=pifpaf --env-prefix DOGPILE run redis --port {env:TOX_DOGPILE_PORT:11234} -- @@ -33,8 +34,8 @@ deps= # the py3k python-memcached fails for multiple # delete - {memcached}: python-binary-memcached - {memcached}: pifpaf + {memcached}: python-binary-memcached>=0.29.0 + {memcached}: pifpaf>=2.5.0 {redis}: redis {redis}: pifpaf {redis_sentinel}: redis @@ -42,7 +43,7 @@ deps= {cov}: pytest-cov commands= - {env:PIFPAF:} {env:BASECOMMAND} {env:COVERAGE:} {env:RUNTESTS:} {posargs} + {env:PIFPAF:} {env:PIFPAF_TLS:} {env:BASECOMMAND} {env:COVERAGE:} {env:RUNTESTS:} {posargs} sitepackages=False usedevelop=True |