From a8ff0a597ce1e72b4a85a8abff771002205c421c Mon Sep 17 00:00:00 2001 From: SHASHIKANTH THAMBRAHALLI Date: Wed, 15 Nov 2023 12:01:41 +0530 Subject: [PATCH] Disable default developer configuration (#541) * Disable default developer configuration * Add new docker test * Avoid loading of mq.htpasswd exit when MQ_CONNAUTH_USE_HTP not set * Fix gosec error * Copy ini file with specific name * Load mqhtpasswd exit if admin and/or app password and MQ_CONNAUTH_USE_HTP=true * Update develiper configuration documentation * Fix typo and correct function description --- Dockerfile-server | 107 +++++++++--------- cmd/runmqdevserver/main.go | 54 +++++---- cmd/runmqserver/main.go | 5 +- cmd/runmqserver/webserver.go | 11 +- docs/developer-config.md | 12 +- .../servers/mqweb/mqwebcontainer.xml.dev | 3 - internal/htpasswd/htpasswd.go | 12 ++ test/container/devconfig_test.go | 90 +++++++++++++++ test/container/devconfig_test_util.go | 13 ++- test/container/docker_api_test.go | 8 +- 10 files changed, 216 insertions(+), 99 deletions(-) diff --git a/Dockerfile-server b/Dockerfile-server index db3ea3de..0a6aa93a 100644 --- a/Dockerfile-server +++ b/Dockerfile-server @@ -32,8 +32,8 @@ USER 0 WORKDIR $GO_WORKDIR/ ADD $MQ_ARCHIVE /opt/mqm ENV CGO_CFLAGS="-I/opt/mqm/inc/" \ - CGO_LDFLAGS_ALLOW="-Wl,-rpath.*" \ - PATH="${PATH}:/opt/mqm/bin" + CGO_LDFLAGS_ALLOW="-Wl,-rpath.*" \ + PATH="${PATH}:/opt/mqm/bin" COPY go.mod go.sum ./ COPY cmd/ ./cmd COPY internal/ ./internal @@ -62,27 +62,27 @@ ARG BASE_TAG ARG MQ_ARCHIVE WORKDIR /tmp/mq ENV genmqpkg_inc32=0 \ - genmqpkg_incadm=1 \ - genmqpkg_incamqp=0 \ - genmqpkg_incams=1 \ - genmqpkg_inccbl=0 \ - genmqpkg_inccics=0 \ - genmqpkg_inccpp=0 \ - genmqpkg_incdnet=0 \ - genmqpkg_incjava=1 \ - genmqpkg_incjre=1 \ - genmqpkg_incman=0 \ - genmqpkg_incmqbc=0 \ - genmqpkg_incmqft=0 \ - genmqpkg_incmqsf=0 \ - genmqpkg_incmqxr=0 \ - genmqpkg_incnls=1 \ - genmqpkg_incras=1 \ - genmqpkg_incsamp=1 \ - genmqpkg_incsdk=0 \ - genmqpkg_inctls=1 \ - genmqpkg_incunthrd=0 \ - genmqpkg_incweb=1 + genmqpkg_incadm=1 \ + genmqpkg_incamqp=0 \ + genmqpkg_incams=1 \ + genmqpkg_inccbl=0 \ + genmqpkg_inccics=0 \ + genmqpkg_inccpp=0 \ + genmqpkg_incdnet=0 \ + genmqpkg_incjava=1 \ + genmqpkg_incjre=1 \ + genmqpkg_incman=0 \ + genmqpkg_incmqbc=0 \ + genmqpkg_incmqft=0 \ + genmqpkg_incmqsf=0 \ + genmqpkg_incmqxr=0 \ + genmqpkg_incnls=1 \ + genmqpkg_incras=1 \ + genmqpkg_incsamp=1 \ + genmqpkg_incsdk=0 \ + genmqpkg_inctls=1 \ + genmqpkg_incunthrd=0 \ + genmqpkg_incweb=1 ADD $MQ_ARCHIVE /opt/mqm-noinstall # Run genmqpkg to reduce the MQ packages included RUN /opt/mqm-noinstall/bin/genmqpkg.sh -b /opt/mqm-redux @@ -96,17 +96,17 @@ ARG BASE_IMAGE ARG BASE_TAG ARG GO_WORKDIR LABEL summary="IBM MQ Advanced Server" \ - description="Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises" \ - vendor="IBM" \ - maintainer="IBM" \ - distribution-scope="private" \ - authoritative-source-url="https://www.ibm.com/software/passportadvantage/" \ - url="https://www.ibm.com/products/mq/advanced" \ - io.openshift.tags="mq messaging" \ - io.k8s.display-name="IBM MQ Advanced Server" \ - io.k8s.description="Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises" \ - base-image=$BASE_IMAGE \ - base-image-release=$BASE_TAG + description="Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises" \ + vendor="IBM" \ + maintainer="IBM" \ + distribution-scope="private" \ + authoritative-source-url="https://www.ibm.com/software/passportadvantage/" \ + url="https://www.ibm.com/products/mq/advanced" \ + io.openshift.tags="mq messaging" \ + io.k8s.display-name="IBM MQ Advanced Server" \ + io.k8s.description="Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises" \ + base-image=$BASE_IMAGE \ + base-image-release=$BASE_TAG COPY --from=mq-redux /opt/mqm-redux/ /opt/mqm/ COPY setup-image.sh /usr/local/bin/ COPY install-mq-server-prereqs.sh /usr/local/bin/ @@ -169,19 +169,19 @@ ARG BASE_IMAGE ARG BASE_TAG ARG GO_WORKDIR LABEL summary="IBM MQ Advanced for Developers Server" \ - description="Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises" \ - vendor="IBM" \ - distribution-scope="private" \ - authoritative-source-url="https://www.ibm.com/software/passportadvantage/" \ - url="https://www.ibm.com/products/mq/advanced" \ - io.openshift.tags="mq messaging" \ - io.k8s.display-name="IBM MQ Advanced for Developers Server" \ - io.k8s.description="Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises" \ - base-image=$BASE_IMAGE \ - base-image-release=$BASE_TAG + description="Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises" \ + vendor="IBM" \ + distribution-scope="private" \ + authoritative-source-url="https://www.ibm.com/software/passportadvantage/" \ + url="https://www.ibm.com/products/mq/advanced" \ + io.openshift.tags="mq messaging" \ + io.k8s.display-name="IBM MQ Advanced for Developers Server" \ + io.k8s.description="Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises" \ + base-image=$BASE_IMAGE \ + base-image-release=$BASE_TAG USER 0 COPY --from=cbuilder /opt/app-root/src/authservice/mqhtpass/build/mqhtpass.so /opt/mqm/lib64/ -COPY etc/mqm/*.ini /etc/mqm/ +COPY etc/mqm/qm-service-component.ini /run COPY etc/mqm/mq.htpasswd.default /etc/mqm/ COPY incubating/mqadvanced-server-dev/install-extra-packages.sh /usr/local/bin/ RUN chmod u+x /usr/local/bin/install-extra-packages.sh \ @@ -197,13 +197,16 @@ RUN ln -s /run/10-dev.mqsc /etc/mqm/10-dev.mqsc \ RUN chown -R 1001:root /etc/mqm/* \ && chmod -R g+w /etc/mqm/web \ && chmod +x /usr/local/bin/runmq* \ - && chmod 0660 /etc/mqm/mq.htpasswd.default - + && chmod 0660 /etc/mqm/mq.htpasswd.default \ + # Allow contents of qm-service-component.ini to be cleaned if MQ_CONNAUTH_USE_HTP is not set to true + && chmod 0660 /run/qm-service-component.ini \ + && ln -s /run/qm-service-component.ini /etc/mqm/qm-service-component.ini + ENV MQ_DEV=true \ - MQ_ENABLE_EMBEDDED_WEB_SERVER=1 \ - MQ_GENERATE_CERTIFICATE_HOSTNAME=localhost \ - LD_LIBRARY_PATH=/opt/mqm/lib64 \ - MQ_CONNAUTH_USE_HTP=true \ - MQS_PERMIT_UNKNOWN_ID=true + MQ_ENABLE_EMBEDDED_WEB_SERVER=1 \ + MQ_GENERATE_CERTIFICATE_HOSTNAME=localhost \ + LD_LIBRARY_PATH=/opt/mqm/lib64 \ + MQ_CONNAUTH_USE_HTP=true \ + MQS_PERMIT_UNKNOWN_ID=true USER 1001 ENTRYPOINT ["runmqdevserver"] diff --git a/cmd/runmqdevserver/main.go b/cmd/runmqdevserver/main.go index 9459ea08..99db7ae9 100644 --- a/cmd/runmqdevserver/main.go +++ b/cmd/runmqdevserver/main.go @@ -128,33 +128,43 @@ func doMain() error { return err } - // Copy default mq.htpasswd file to ephemeral volume - err = copy.CopyFile("/etc/mqm/mq.htpasswd.default", "/run/mq.htpasswd") - if err != nil { - logTermination(err) - return err - } - - adminPassword, set := os.LookupEnv("MQ_ADMIN_PASSWORD") - if !set { - adminPassword = "passw0rd" - err = os.Setenv("MQ_ADMIN_PASSWORD", adminPassword) + // Enable mq htpasswd if MQ_CONNAUTH_USE_HTP is set true + // and either or both of MQ_APP_PASSWORD and MQ_ADMIN_PASSWORD + // environment variables specified. + enableHtPwd, set := os.LookupEnv("MQ_CONNAUTH_USE_HTP") + adminPassword, adminPwdset := os.LookupEnv("MQ_ADMIN_PASSWORD") + appPassword, appPwdset := os.LookupEnv("MQ_APP_PASSWORD") + if set && strings.EqualFold(enableHtPwd, "true") && + (adminPwdset && len(strings.TrimSpace(adminPassword)) > 0 || appPwdset && len(strings.TrimSpace(appPassword)) > 0) { + // Copy default mq.htpasswd file to ephemeral volume + err = copy.CopyFile("/etc/mqm/mq.htpasswd.default", "/run/mq.htpasswd") if err != nil { - logTerminationf("Error setting admin password variable: %v", err) + logTermination(err) return err } - } - err = htpasswd.SetPassword("admin", adminPassword, false) - if err != nil { - logTerminationf("Error setting admin password: %v", err) - return err - } - appPassword, set := os.LookupEnv("MQ_APP_PASSWORD") - if set { - err = htpasswd.SetPassword("app", appPassword, false) + if adminPwdset { + err = htpasswd.SetPassword("admin", adminPassword, false) + if err != nil { + logTerminationf("Error setting admin password: %v", err) + return err + } + } + + if appPwdset { + err = htpasswd.SetPassword("app", appPassword, false) + if err != nil { + logTerminationf("Error setting app password: %v", err) + return err + } + } + } else { + // Clean contents of qm-service-component.ini if MQ_CONNAUTH_USE_HTP is not set to true + // so that mq.htpasswd exit is not loaded by queue manager + // #nosec G306 - its a write by owner/s group, and pose no harm. + err = os.WriteFile("/run/qm-service-component.ini", []byte(""), 0660) if err != nil { - logTerminationf("Error setting app password: %v", err) + logTermination(err) return err } } diff --git a/cmd/runmqserver/main.go b/cmd/runmqserver/main.go index 0482b280..fd535ef2 100644 --- a/cmd/runmqserver/main.go +++ b/cmd/runmqserver/main.go @@ -27,6 +27,7 @@ import ( "github.com/ibm-messaging/mq-container/internal/copy" "github.com/ibm-messaging/mq-container/internal/fips" "github.com/ibm-messaging/mq-container/internal/ha" + "github.com/ibm-messaging/mq-container/internal/htpasswd" "github.com/ibm-messaging/mq-container/internal/metrics" "github.com/ibm-messaging/mq-container/internal/ready" "github.com/ibm-messaging/mq-container/internal/tls" @@ -329,7 +330,7 @@ func doMain() error { } } - if *devFlag { + if *devFlag && htpasswd.IsEnabled() { _, err = mirrorHTPasswdLogs(ctx, &wg, name, newQM, mf) if err != nil { logTermination(err) @@ -354,7 +355,7 @@ func doMain() error { // This is a developer image only change // This workaround should be removed and handled via , when inimerge is ready to handle stanza ordering - if *devFlag { + if *devFlag && htpasswd.IsEnabled() { err = updateQMini(name) if err != nil { logTermination(err) diff --git a/cmd/runmqserver/webserver.go b/cmd/runmqserver/webserver.go index 01a82e7b..125ffdc4 100644 --- a/cmd/runmqserver/webserver.go +++ b/cmd/runmqserver/webserver.go @@ -35,14 +35,9 @@ func startWebServer(webKeystore, webkeystorePW, webTruststoreRef string) error { log.Println("Starting web server") // #nosec G204 - command is fixed, no injection vector cmd := exec.Command("strmqweb") - // Set a default app password for the web server, if one isn't already set - _, set := os.LookupEnv("MQ_APP_PASSWORD") - if !set { - // Take all current environment variables, and add the app password - cmd.Env = append(os.Environ(), "MQ_APP_PASSWORD=passw0rd") - } else { - cmd.Env = os.Environ() - } + + // Pass all the environment to MQ Web Server JVM + cmd.Env = os.Environ() // TLS enabled if webKeystore != "" { diff --git a/docs/developer-config.md b/docs/developer-config.md index 87777f4c..af16455a 100644 --- a/docs/developer-config.md +++ b/docs/developer-config.md @@ -7,15 +7,15 @@ If you build this image with MQ Advanced for Developers, then an optional set of The MQ Developer Defaults supports some customization options, these are all controlled using environment variables: * **MQ_DEV** - Set this to `false` to stop the default objects being created. -* **MQ_ADMIN_PASSWORD** - Changes the password of the `admin` user. Must be at least 8 characters long. -* **MQ_APP_PASSWORD** - Changes the password of the app user. If set, this will cause the `DEV.APP.SVRCONN` channel to become secured and only allow connections that supply a valid userid and password. Must be at least 8 characters long. +* **MQ_ADMIN_PASSWORD** - Specify the password of the `admin` user. Must be at least 8 characters long. +* **MQ_APP_PASSWORD** - Specify the password of the `app` user. If set, this will cause the `DEV.APP.SVRCONN` channel to become secured and only allow connections that supply a valid userid and password. Must be at least 8 characters long. ## Details of the default configuration The following users are created: -* User **admin** for administration. Default password is **passw0rd**. -* User **app** for messaging (in a group called `mqclient`). No password by default. +* User **admin** for administration. No password by default. Password must be set using **MQ_ADMIN_PASSWORD** environment variable. +* User **app** for messaging (in a group called `mqclient`). No password by default. Password must be set using **MQ_APP_PASSWORD** environment variable. Users in `mqclient` group have been given access connect to all queues and topics starting with `DEV.**` and have `put`, `get`, `pub`, `sub`, `browse` and `inq` permissions. @@ -41,8 +41,6 @@ When you navigate to this page you may be presented with a security exception wa If you choose to accept the security warning, you will be presented with the login menu for the IBM MQ Web Console. The default login for the console is: * **User:** admin -* **Password:** passw0rd - -If you wish to change the password for the admin user, this can be done using the `MQ_ADMIN_PASSWORD` environment variable. +* **Password:** No password by default. The password for the admin user must be specified using the `MQ_ADMIN_PASSWORD` environment variable. If you do not wish the web console to run, you can disable it by setting the environment variable `MQ_ENABLE_EMBEDDED_WEB_SERVER` to `false`. diff --git a/incubating/mqadvanced-server-dev/web/installations/Installation1/servers/mqweb/mqwebcontainer.xml.dev b/incubating/mqadvanced-server-dev/web/installations/Installation1/servers/mqweb/mqwebcontainer.xml.dev index 53ffef76..f80a368c 100644 --- a/incubating/mqadvanced-server-dev/web/installations/Installation1/servers/mqweb/mqwebcontainer.xml.dev +++ b/incubating/mqadvanced-server-dev/web/installations/Installation1/servers/mqweb/mqwebcontainer.xml.dev @@ -23,9 +23,6 @@ - diff --git a/internal/htpasswd/htpasswd.go b/internal/htpasswd/htpasswd.go index 51033aed..1a0b6209 100644 --- a/internal/htpasswd/htpasswd.go +++ b/internal/htpasswd/htpasswd.go @@ -111,3 +111,15 @@ func (htpfile mapHtPasswd) updateHtPasswordFile(isTest bool) error { // #nosec G306 - its a read by owner/s group, and pose no harm. return os.WriteFile(file, htpfile.GetBytes(), 0660) } + +func IsEnabled() bool { + htpassEnabled := false + enableHtPwd, set := os.LookupEnv("MQ_CONNAUTH_USE_HTP") + adminPassword, adminPwdset := os.LookupEnv("MQ_ADMIN_PASSWORD") + appPassword, appPwdset := os.LookupEnv("MQ_APP_PASSWORD") + if set && strings.EqualFold(enableHtPwd, "true") && + (adminPwdset && len(strings.TrimSpace(adminPassword)) > 0 || appPwdset && len(strings.TrimSpace(appPassword)) > 0) { + htpassEnabled = true + } + return htpassEnabled +} diff --git a/test/container/devconfig_test.go b/test/container/devconfig_test.go index 94b373bb..308c1b3c 100644 --- a/test/container/devconfig_test.go +++ b/test/container/devconfig_test.go @@ -40,6 +40,9 @@ func TestDevGoldenPath(t *testing.T) { "LICENSE=accept", "MQ_QMGR_NAME=" + qm, "DEBUG=true", + "MQ_CONNAUTH_USE_HTP=true", + "MQ_APP_PASSWORD=" + defaultAppPasswordWeb, + "MQ_ADMIN_PASSWORD=" + defaultAdminPassword, }, } id := runContainerWithPorts(t, cli, &containerConfig, []int{9443, 1414}) @@ -76,7 +79,9 @@ func TestDevSecure(t *testing.T) { Env: []string{ "LICENSE=accept", "MQ_QMGR_NAME=" + qm, + "MQ_CONNAUTH_USE_HTP=true", "MQ_APP_PASSWORD=" + appPassword, + "MQ_ADMIN_PASSWORD=" + defaultAdminPassword, "DEBUG=1", "WLP_LOGGING_MESSAGE_FORMAT=JSON", "MQ_ENABLE_EMBEDDED_WEB_SERVER_LOG=true", @@ -137,6 +142,7 @@ func TestDevWebDisabled(t *testing.T) { "LICENSE=accept", "MQ_QMGR_NAME=qm1", "MQ_ENABLE_EMBEDDED_WEB_SERVER=false", + "MQ_APP_PASSWORD=" + defaultAppPasswordOS, }, } id := runContainerWithPorts(t, cli, &containerConfig, []int{1414}) @@ -487,7 +493,9 @@ func TestDevSecureFIPSTrueWeb(t *testing.T) { Env: []string{ "LICENSE=accept", "MQ_QMGR_NAME=" + qm, + "MQ_CONNAUTH_USE_HTP=true", "MQ_APP_PASSWORD=" + appPassword, + "MQ_ADMIN_PASSWORD=" + defaultAdminPassword, "DEBUG=1", "WLP_LOGGING_MESSAGE_FORMAT=JSON", "MQ_ENABLE_EMBEDDED_WEB_SERVER_LOG=true", @@ -557,7 +565,9 @@ func TestDevSecureFalseFIPSWeb(t *testing.T) { Env: []string{ "LICENSE=accept", "MQ_QMGR_NAME=" + qm, + "MQ_CONNAUTH_USE_HTP=true", "MQ_APP_PASSWORD=" + appPassword, + "MQ_ADMIN_PASSWORD=" + defaultAdminPassword, "DEBUG=1", "WLP_LOGGING_MESSAGE_FORMAT=JSON", "MQ_ENABLE_EMBEDDED_WEB_SERVER_LOG=true", @@ -624,6 +634,7 @@ func TestSSLFIPSTrueNoCerts(t *testing.T) { containerConfig := ce.ContainerConfig{ Env: []string{ "LICENSE=accept", + "MQ_CONNAUTH_USE_HTP=true", "MQ_APP_PASSWORD=" + appPassword, "MQ_QMGR_NAME=QM1", "MQ_ENABLE_EMBEDDED_WEB_SERVER=false", @@ -757,3 +768,82 @@ func TestSSLFIPSBadCerts(t *testing.T) { // Stop the container cleanly stopContainer(t, cli, ID) } + +// Test REST messaging with default developer configuration +// MQ_CONNAUTH_USE_HTP is set to true in the dev image. The test +// specifies password for admin userId via MQ_ADMIN_PASSWORD +// environment variable but then attempts to do REST messaging +// usig 'app' userId. HTTP 401 is expected. +func TestDevNoDefCreds(t *testing.T) { + t.Parallel() + cli := ce.NewContainerClient() + qm := "qm1" + containerConfig := ce.ContainerConfig{ + Env: []string{ + "LICENSE=accept", + "MQ_QMGR_NAME=" + qm, + "DEBUG=true", + "MQ_ADMIN_PASSWORD=" + defaultAdminPassword, + }, + } + id := runContainerWithPorts(t, cli, &containerConfig, []int{9443, 1414}) + defer cleanContainer(t, cli, id) + waitForReady(t, cli, id) + waitForWebReady(t, cli, id, insecureTLSConfig) + // Expect a 401 Unauthorized HTTP Response + testRESTMessaging(t, cli, id, insecureTLSConfig, qm, "app", defaultAppPasswordWeb, "401 Unauthorized") + // Stop the container cleanly + stopContainer(t, cli, id) +} + +// MQ_CONNAUTH_USE_HTP is set to false. There should be no 'mqhtpasswd:' entries in pod log +// eventhough MQ_ADMIN_PASSWORD is also specified. +func TestDevNoDefCredsLogMessageConnAuthFalse(t *testing.T) { + t.Parallel() + testDevNoDefaultCredsUtil(t, []string{"MQ_CONNAUTH_USE_HTP=false", "MQ_ADMIN_PASSWORD=passw0rd"}, false) +} + +// MQ_CONNAUTH_USE_HTP is true with neither Admin nor App password specified, +// so there should be no 'mqhtpasswd:' entries in the pod log +func TestDevNoDefCredsLogMessageConnAuthTrue(t *testing.T) { + t.Parallel() + testDevNoDefaultCredsUtil(t, []string{"MQ_CONNAUTH_USE_HTP=true"}, false) +} + +// MQ_CONNAUTH_USE_HTP is true with App password specified, +// there should be at least one 'mqhtpasswd:' entry in the pod log +func TestDevNoDefCredsLogMessageConnAuthTrueWithPwd(t *testing.T) { + t.Parallel() + testDevNoDefaultCredsUtil(t, []string{"MQ_CONNAUTH_USE_HTP=true", "MQ_APP_PASSWORD=passw0rd"}, true) +} + +// Utility function for testing mqhtpasswd +func testDevNoDefaultCredsUtil(t *testing.T, mqhtpassEnvs []string, htpwdInLog bool) { + cli := ce.NewContainerClient() + qm := "QM1" + containerConfig := ce.ContainerConfig{ + Env: []string{ + "LICENSE=accept", + "MQ_QMGR_NAME=" + qm, + "DEBUG=true", + }, + } + + containerConfig.Env = append(containerConfig.Env, mqhtpassEnvs...) + + id := runContainerWithPorts(t, cli, &containerConfig, []int{1414}) + defer cleanContainer(t, cli, id) + waitForReady(t, cli, id) + defer stopContainer(t, cli, id) + + logs := inspectLogs(t, cli, id) + if htpwdInLog { + if !strings.Contains(logs, "mqhtpass:") { + t.Errorf("Exepcted mqhtpass keyword in pod logs but did not find any.") + } + } else { + if strings.Contains(logs, "mqhtpass:") { + t.Errorf("Didn't exepct mqhtpass keyword in pod logs but found at least one.") + } + } +} diff --git a/test/container/devconfig_test_util.go b/test/container/devconfig_test_util.go index 2a0a8542..4a4e0a87 100644 --- a/test/container/devconfig_test_util.go +++ b/test/container/devconfig_test_util.go @@ -39,7 +39,7 @@ import ( ) const defaultAdminPassword string = "passw0rd" -const defaultAppPasswordOS string = "" +const defaultAppPasswordOS string = "passw0rd" const defaultAppPasswordWeb string = "passw0rd" // Disable TLS verification (server uses a self-signed certificate by default, @@ -296,9 +296,14 @@ func testRESTMessaging(t *testing.T, cli ce.ContainerInterface, ID string, tlsCo } logHTTPResponse(t, resp) if resp != nil && resp.StatusCode != http.StatusCreated { - t.Errorf("Expected HTTP status code %v from 'POST to queue'; got %v", http.StatusOK, resp.StatusCode) - t.Logf("HTTP response: %+v", resp) - t.Fail() + if strings.Contains(resp.Status, errorExpected) { + t.Logf("HTTP Response code is as expected. %s", resp.Status) + return + } else { + t.Errorf("Expected HTTP status code %v from 'POST to queue'; got %v", http.StatusOK, resp.StatusCode) + t.Logf("HTTP response: %+v", resp) + t.Fail() + } } req, err = http.NewRequest("DELETE", url, nil) diff --git a/test/container/docker_api_test.go b/test/container/docker_api_test.go index a1e69e1a..adc78ab8 100644 --- a/test/container/docker_api_test.go +++ b/test/container/docker_api_test.go @@ -698,7 +698,7 @@ func TestRedactInvalidMQSC(t *testing.T) { defer deleteImage(t, cli, tag) containerConfig := ce.ContainerConfig{ - Env: []string{"LICENSE=accept", "MQ_QMGR_NAME=qm1"}, + Env: []string{"LICENSE=accept", "MQ_QMGR_NAME=qm1", "MQ_CONNAUTH_USE_HTP=true", "MQ_APP_PASSWORD=passw0rd"}, Image: tag, } id := runContainer(t, cli, &containerConfig) @@ -1418,6 +1418,8 @@ func TestLoggingConsoleSource(t *testing.T) { "LICENSE=accept", "MQ_QMGR_NAME=qm1", "MQ_ENABLE_EMBEDDED_WEB_SERVER=true", + "MQ_CONNAUTH_USE_HTP=true", + "MQ_APP_PASSWORD=passw0rd", }, } id := runContainer(t, cli, &containerConfig) @@ -1608,6 +1610,8 @@ func TestLoggingConsoleSetToWeb(t *testing.T) { "MQ_LOGGING_CONSOLE_SOURCE=web", "MQ_LOGGING_CONSOLE_EXCLUDE_ID=CWWKG0028A,CWWKS4105I", "MQ_LOGGING_CONSOLE_FORMAT=json", + "MQ_CONNAUTH_USE_HTP=true", + "MQ_APP_PASSWORD=passw0rd", }, } id := runContainer(t, cli, &containerConfig) @@ -1684,6 +1688,8 @@ func TestWebLogsHeaderRotation(t *testing.T) { "MQ_QMGR_NAME=qm1", "MQ_ENABLE_EMBEDDED_WEB_SERVER=true", "MQ_LOGGING_CONSOLE_SOURCE=qmgr,web", + "MQ_CONNAUTH_USE_HTP=true", + "MQ_APP_PASSWORD=passw0rd", }, } id := runContainer(t, cli, &containerConfig)