Adding nginx_ssl_verify as a config option for nginx #1782
Conversation
|
I cleaned up the nginx tests with some comments, and separated 2 different tests for clarity. Added 'nginx_ssl_verify' to the self.config for the test. This doesn't actually test functionality with the |
|
@elafarge can you review please ? |
| }, | ||
| { | ||
| 'nginx_status_url': 'http://localhost:44441/nginx_status/', | ||
| 'tags': ['second'], | ||
| 'nginx_ssl_verify': True, |
There was a problem hiding this comment.
None of these tests actually are made against an https:// url, nor do they flip the flag from True to False.
Is that expected?
There was a problem hiding this comment.
Yeah, actually I referenced that in my comment above in this issue.
I basically confirm that this doesn't actually test functionality with the verify option for requests.get(), and that to do that would require an https endpoint on localhost to run a request against. However this is testing the requests submodule, and not our code, so I think an ssl_verify check here is unnecessary. The important part is that our config gets picked up.
But, I'm all for total coverage, so if you think adding this explicitly to the test is wise, then that's no problem. Is there an existing https endpoint on localhost that the test suite can access?
There was a problem hiding this comment.
Not that I know of.
The nginx config we use in our CI test suite is located here : https://github.com/DataDog/dd-agent/blob/master/ci/resources/nginx/nginx.conf .
If you do want to test that (it doesn't seem very useful indeed... but almost no test does until it breaks :) ) you'll have to create an HTTPS VirtualHost in Nginx in the conf file above and enable status on it.
Oh and I don't think there's a need to enable nginx_ssl_verify for all the tests on http endpoints.
There was a problem hiding this comment.
Yeah, I agree, and it's doubly useless in this test, since True is the default :)
My thought was that if it was at least added in there, it wouldn't be forgotten :P
|
Cool stuff. |
|
Yeah, those changes are fine. I was going for consistency of naming conventions, and noticed that the status url was called I'll go with chaning to |
|
Okay, what do we think about the updated tests now? |
| nginx.check(self.config['instances'][4]) | ||
| except Exception as e: | ||
| pass | ||
| self.assertEquals(type(e), requests.exceptions.SSLError) |
There was a problem hiding this comment.
Wouldn't it be possible to use assertRaises to make it a little cleaner (to avoid having a pass and using e that isn't really supposed to be defined in this block ?
There was a problem hiding this comment.
Bah! Yeah, you're totally right, that'd be a lot cleaner.
|
Awesome job ! Congrats! Apart from the small notice I wrote concerning |
|
@JohnLZeller tests are failing on ======================================================================
ERROR: test_nginx_ssl_validation_enabled (tests.checks.integration.test_nginx.TestNginx)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/travis/build/DataDog/dd-agent/tests/checks/integration/test_nginx.py", line 82, in test_nginx_ssl_validation_enabled
with self.assertRaises(requests.exceptions.SSLError):
TypeError: failUnlessRaises() takes at least 3 arguments (2 given) |
|
Ah, yeah. Turns out that the unittest submodule added the ability to use |
|
My bad, I didn't realize that when I suggested to use |
|
It's okay :) Still using it, just not as a context manager. |
|
@remh should be g2g now |
|
Nice, can you squash your commits into one please ? |
JohnLZeller
force-pushed
the
zeller/nginx-ssl-verify
branch
from
6390117 to
df50462
Compare
|
Squashed 👍 |
|
👍 |
Adding nginx_ssl_verify as a config option for nginx
|
💃 👯 💃 🍰 🎉 👯 |
- Same as flag added for nginx in issue DataDog#1782
- Same as flag added for nginx in issue DataDog#1782
- Same as flag added for nginx in issue DataDog#1782
- Same as flag added for nginx in issue DataDog#1782
- Same as flag added for nginx in issue DataDog#1782
Adding an
'nginx_ssl_verify'option to the nginx yaml config. This allows for setting theverifyoption inrequests.get()when calling the url set by'nginx_status_url'. The nginx_ssl_verify option defaults to True, staying consistent withrequests.get(), which also defaultsverifyto True.Working on a simple integration test now.