diff --git a/.github/workflows/run_test.yaml b/.github/workflows/run_test.yaml index f0bdabbe..7f7a8ba5 100644 --- a/.github/workflows/run_test.yaml +++ b/.github/workflows/run_test.yaml @@ -31,21 +31,13 @@ jobs: pip install -r requirements/dev.txt - name: Test with pytest run: | - docker-compose up -d + docker-compose -f docker-compose.yaml up -d sleep 45 - docker-compose logs console - pytest -s -v -k "not SSL and not self_signed_SSL" - docker-compose down -v + pytest -s -v -k "not SSL" working-directory: tests - name: Test SSL connection with pytest run: | - enable_ssl=true docker-compose up -d + enable_ssl=true docker-compose -f docker-compose-ssl.yaml up -d sleep 45 pytest -s -v -k "SSL" working-directory: tests - - name: Test self-signed SSL connection with pytest - run: | - enable_ssl=true docker-compose up -d - sleep 45 - pytest -s -v -k "self_signed_SSL" - working-directory: tests diff --git a/nebula2/gclient/net/Connection.py b/nebula2/gclient/net/Connection.py index 9cd7e68e..a727685a 100644 --- a/nebula2/gclient/net/Connection.py +++ b/nebula2/gclient/net/Connection.py @@ -34,6 +34,7 @@ def __init__(self): self._ip = None self._port = None self._timeout = 0 + self._ssl_conf = None def open(self, ip, port, timeout): """open the connection @@ -57,6 +58,7 @@ def open_SSL(self, ip, port, timeout, ssl_config=None): self._ip = ip self._port = port self._timeout = timeout + self._ssl_conf = ssl_config try: if ssl_config is not None: s = TSSLSocket.TSSLSocket( @@ -92,7 +94,10 @@ def _reopen(self): :return: """ self.close() - self.open(self._ip, self._port, self._timeout) + if self._ssl_conf is not None: + self.open_SSL(self._ip, self._port, self._timeout, self._ssl_conf) + else: + self.open(self._ip, self._port, self._timeout) def authenticate(self, user_name, password): """authenticate to graphd diff --git a/tests/docker-compose-ssl.yaml b/tests/docker-compose-ssl.yaml new file mode 100644 index 00000000..d095584e --- /dev/null 
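Review bot: The plaintext stack is no longer torn down before the SSL step, because `docker-compose down -v` was removed from the "Test with pytest" step and nothing replaces it. The next step runs `up -d` with docker-compose-ssl.yaml from the same `tests` directory, so the TLS run presumably depends on Compose recreating the same-named services in place rather than starting from a clean state. Ending the first step with `docker-compose -f docker-compose.yaml down -v`, and the SSL step with the matching `down -v`, would keep the two runs independent. Selecting with `-m SSL` and `-m "not SSL"` would also be more precise than `-k`, which matches on test and class names as well as on markers.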
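Review bot: `open()` is not changed by this commit, so it never clears `_ssl_conf`; a Connection that was once opened with `open_SSL` and is later reused through `open()` will have `_reopen` take the `open_SSL` branch with the stale config. Adding `self._ssl_conf = None` next to the other assignments in `open()` keeps the reopen path tied to the most recent open call. The `_reopen` docstring should also say that the stored `ssl_config` is reused, because before this change a reopen of a TLS connection went through plain `open()`. The bodies of `open`, `open_SSL` and `_reopen` extend outside the hunks shown.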
+++ b/tests/docker-compose-ssl.yaml 
@@ -0,0 +1,420 @@ +version: '3.4' +services: + metad0: + image: vesoft/nebula-metad:nightly + environment: + USER: root + TZ: "${TZ}" + command: + - --meta_server_addrs=172.28.1.1:9559,172.28.1.2:9559,172.28.1.3:9559 + - --local_ip=172.28.1.1 + - --ws_ip=172.28.1.1 + - --port=9559 + - --data_path=/data/meta + - --log_dir=/logs + - --v=0 + - --minloglevel=0 + - --heartbeat_interval_secs=1 + # ssl + - --ca_path=${ca_path} + - --cert_path=${cert_path} + - --key_path=${key_path} + - --enable_ssl=${enable_ssl} + healthcheck: + test: ["CMD", "curl", "-f", "http://172.28.1.1:11000/status"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 20s + ports: + - "9559:9559" + - 11000 + - 11002 + volumes: + - ./secrets:/secrets + - ./data/meta0:/data/meta:Z + - ./logs/meta0:/logs:Z + networks: + nebula-net: + ipv4_address: 172.28.1.1 + restart: on-failure + cap_add: + - SYS_PTRACE + + metad1: + image: vesoft/nebula-metad:nightly + environment: + USER: root + TZ: "${TZ}" + command: + - --meta_server_addrs=172.28.1.1:9559,172.28.1.2:9559,172.28.1.3:9559 + - --local_ip=172.28.1.2 + - --ws_ip=172.28.1.2 + - --port=9559 + - --data_path=/data/meta + - --log_dir=/logs + - --v=0 + - --minloglevel=0 + - --heartbeat_interval_secs=1 + # ssl + - --ca_path=${ca_path} + - --cert_path=${cert_path} + - --key_path=${key_path} + - --enable_ssl=${enable_ssl} + healthcheck: + test: ["CMD", "curl", "-f", "http://172.28.1.2:11000/status"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 20s + ports: + - "9560:9559" + - 11000 + - 11002 + volumes: + - ./secrets:/secrets + - ./data/meta1:/data/meta:Z + - ./logs/meta1:/logs:Z + networks: + nebula-net: + ipv4_address: 172.28.1.2 + restart: on-failure + cap_add: + - SYS_PTRACE + + metad2: + image: vesoft/nebula-metad:nightly + environment: + USER: root + TZ: "${TZ}" + command: + - --meta_server_addrs=172.28.1.1:9559,172.28.1.2:9559,172.28.1.3:9559 + - --local_ip=172.28.1.3 + - --ws_ip=172.28.1.3 + - --port=9559 + - 
--data_path=/data/meta + - --log_dir=/logs + - --v=0 + - --minloglevel=0 + - --heartbeat_interval_secs=1 + # ssl + - --ca_path=${ca_path} + - --cert_path=${cert_path} + - --key_path=${key_path} + - --enable_ssl=${enable_ssl} + healthcheck: + test: ["CMD", "curl", "-f", "http://172.28.1.3:11000/status"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 20s + ports: + - "9561:9559" + - 11000 + - 11002 + volumes: + - ./secrets:/secrets + - ./data/meta2:/data/meta:Z + - ./logs/meta2:/logs:Z + networks: + nebula-net: + ipv4_address: 172.28.1.3 + restart: on-failure + cap_add: + - SYS_PTRACE + + storaged0: + image: vesoft/nebula-storaged:nightly + environment: + USER: root + TZ: "${TZ}" + command: + - --meta_server_addrs=172.28.1.1:9559,172.28.1.2:9559,172.28.1.3:9559 + - --local_ip=172.28.2.1 + - --ws_ip=172.28.2.1 + - --port=9779 + - --data_path=/data/storage + - --log_dir=/logs + - --v=0 + - --minloglevel=0 + - --heartbeat_interval_secs=1 + - --timezone_name=+08:00 + # ssl + - --ca_path=${ca_path} + - --cert_path=${cert_path} + - --key_path=${key_path} + - --enable_ssl=${enable_ssl} + depends_on: + - metad0 + - metad1 + - metad2 + healthcheck: + test: ["CMD", "curl", "-f", "http://172.28.2.1:12000/status"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 20s + ports: + - "9779:9779" + - 12000 + - 12002 + volumes: + - ./secrets:/secrets + - ./data/storage0:/data/storage:Z + - ./logs/storage0:/logs:Z + networks: + nebula-net: + ipv4_address: 172.28.2.1 + restart: on-failure + cap_add: + - SYS_PTRACE + + storaged1: + image: vesoft/nebula-storaged:nightly + environment: + USER: root + TZ: "${TZ}" + command: + - --meta_server_addrs=172.28.1.1:9559,172.28.1.2:9559,172.28.1.3:9559 + - --local_ip=172.28.2.2 + - --ws_ip=172.28.2.2 + - --port=9779 + - --data_path=/data/storage + - --log_dir=/logs + - --v=0 + - --minloglevel=0 + - --heartbeat_interval_secs=1 + - --timezone_name=+08:00 + # ssl + - --ca_path=${ca_path} + - --cert_path=${cert_path} + - 
--key_path=${key_path} + - --enable_ssl=${enable_ssl} + depends_on: + - metad0 + - metad1 + - metad2 + healthcheck: + test: ["CMD", "curl", "-f", "http://172.28.2.2:12000/status"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 20s + ports: + - "9780:9779" + - 12000 + - 12002 + volumes: + - ./secrets:/secrets + - ./data/storage1:/data/storage:Z + - ./logs/storage1:/logs:Z + networks: + nebula-net: + ipv4_address: 172.28.2.2 + restart: on-failure + cap_add: + - SYS_PTRACE + + storaged2: + image: vesoft/nebula-storaged:nightly + environment: + USER: root + TZ: "${TZ}" + command: + - --meta_server_addrs=172.28.1.1:9559,172.28.1.2:9559,172.28.1.3:9559 + - --local_ip=172.28.2.3 + - --ws_ip=172.28.2.3 + - --port=9779 + - --data_path=/data/storage + - --log_dir=/logs + - --v=0 + - --minloglevel=0 + - --heartbeat_interval_secs=1 + - --timezone_name=+08:00 + # ssl + - --ca_path=${ca_path} + - --cert_path=${cert_path} + - --key_path=${key_path} + - --enable_ssl=${enable_ssl} + depends_on: + - metad0 + - metad1 + - metad2 + healthcheck: + test: ["CMD", "curl", "-f", "http://172.28.2.3:12000/status"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 20s + ports: + - "9781:9779" + - 12000 + - 12002 + volumes: + - ./secrets:/secrets + - ./data/storage2:/data/storage:Z + - ./logs/storage2:/logs:Z + networks: + nebula-net: + ipv4_address: 172.28.2.3 + restart: on-failure + cap_add: + - SYS_PTRACE + + graphd0: + image: vesoft/nebula-graphd:nightly + environment: + USER: root + TZ: "${TZ}" + command: + - --meta_server_addrs=172.28.1.1:9559,172.28.1.2:9559,172.28.1.3:9559 + - --port=9669 + - --ws_ip=172.28.3.1 + - --log_dir=/logs + - --v=0 + - --minloglevel=0 + - --heartbeat_interval_secs=1 + - --timezone_name=+08:00 + # ssl + - --ca_path=${ca_path} + - --cert_path=${cert_path} + - --key_path=${key_path} + - --enable_ssl=${enable_ssl} + depends_on: + - metad0 + - metad1 + - metad2 + healthcheck: + test: ["CMD", "curl", "-f", "http://172.28.3.1:13000/status"] + 
interval: 30s + timeout: 10s + retries: 3 + start_period: 20s + ports: + - "9669:9669" + - 13000 + - 13002 + volumes: + - ./secrets:/secrets + - ./logs/graph0:/logs:Z + networks: + nebula-net: + ipv4_address: 172.28.3.1 + restart: on-failure + cap_add: + - SYS_PTRACE + + graphd1: + image: vesoft/nebula-graphd:nightly + environment: + USER: root + TZ: "${TZ}" + command: + - --meta_server_addrs=172.28.1.1:9559,172.28.1.2:9559,172.28.1.3:9559 + - --port=9669 + - --ws_ip=172.28.3.2 + - --log_dir=/logs + - --v=0 + - --minloglevel=0 + - --heartbeat_interval_secs=1 + - --timezone_name=+08:00 + # ssl + - --ca_path=${ca_path} + - --cert_path=${cert_path} + - --key_path=${key_path} + - --enable_ssl=${enable_ssl} + depends_on: + - metad0 + - metad1 + - metad2 + healthcheck: + test: ["CMD", "curl", "-f", "http://172.28.3.2:13000/status"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 20s + ports: + - "9670:9669" + - 13000 + - 13002 + volumes: + - ./secrets:/secrets + - ./logs/graph1:/logs:Z + networks: + nebula-net: + ipv4_address: 172.28.3.2 + restart: on-failure + cap_add: + - SYS_PTRACE + + graphd2: + image: vesoft/nebula-graphd:nightly + environment: + USER: root + TZ: "${TZ}" + command: + - --meta_server_addrs=172.28.1.1:9559,172.28.1.2:9559,172.28.1.3:9559 + - --port=9669 + - --ws_ip=172.28.3.3 + - --log_dir=/logs + - --v=0 + - --minloglevel=0 + - --heartbeat_interval_secs=1 + - --timezone_name=+08:00 + # ssl + - --ca_path=${ca_path} + - --cert_path=${cert_path} + - --key_path=${key_path} + - --enable_ssl=${enable_ssl} + depends_on: + - metad0 + - metad1 + - metad2 + healthcheck: + test: ["CMD", "curl", "-f", "http://172.28.3.3:13000/status"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 20s + ports: + - "9671:9669" + - 13000 + - 13002 + volumes: + - ./secrets:/secrets + - ./logs/graph2:/logs:Z + networks: + nebula-net: + ipv4_address: 172.28.3.3 + restart: on-failure + cap_add: + - SYS_PTRACE + + console: + image: vesoft/nebula-console:nightly 
+ entrypoint: "" + command: + - sh + - -c + - | + for i in `seq 1 60`;do + var=`nebula-console -addr graphd0 -port 9669 -u root -p nebula -enable_ssl=true -ssl_root_ca_path /secrets/test.ca.pem -ssl_cert_path /secrets/test.client.crt -ssl_private_key_path /secrets/test.client.key --ssl_insecure_skip_verify=true -e 'ADD HOSTS "172.28.2.1":9779,"172.28.2.2":9779,"172.28.2.3":9779;'`; + if [[ $$? == 0 ]];then + break; + fi; + sleep 1; + echo "retry to add hosts."; + done && tail -f /dev/null; + volumes: + - ./secrets:/secrets + depends_on: + - graphd0 + networks: + - nebula-net + +networks: + nebula-net: + ipam: + driver: default + config: + - subnet: 172.28.0.0/16 diff --git a/tests/test_parameter.py b/tests/test_parameter.py index 32e4e22d..a516fa09 100644 --- a/tests/test_parameter.py +++ b/tests/test_parameter.py @@ -90,7 +90,8 @@ def test_parameter(self): assert 'bob1' == resp.row_values(0)[2].as_string() # test cypher parameter resp = client.execute_parameter( - 'MATCH (v:person)--() WHERE v.age>abs($p1)+3 RETURN v.name AS vname,v.age AS vage ORDER BY vage, $p3 LIMIT $p1+1', + f'''MATCH (v:person)--() WHERE v.person.age>abs($p1)+3 + RETURN v.person.name AS vname,v.person.age AS vage ORDER BY vage, $p3 LIMIT $p1+1''', self.params, ) assert resp.is_succeeded(), resp.error_msg() diff --git a/tests/test_ssl_connection.py b/tests/test_ssl_connection.py index 0b1e05cf..861f6b3e 100644 --- a/tests/test_ssl_connection.py +++ b/tests/test_ssl_connection.py @@ -88,7 +88,7 @@ def test_close(self): assert True -@pytest.mark.self_signed_SSL +@pytest.mark.SSL class TestSSLConnectionSelfSigned(TestCase): def test_create_self_signed(self): try: diff --git a/tests/test_ssl_pool.py b/tests/test_ssl_pool.py index 702199ca..0c3b7337 100644 --- a/tests/test_ssl_pool.py +++ b/tests/test_ssl_pool.py 
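Review bot: The console bootstrap command passes `--ssl_insecure_skip_verify=true` together with `-ssl_root_ca_path /secrets/test.ca.pem`, so the server certificate is not checked against the test CA in this step, and a wrong or mis-issued graphd certificate would go unnoticed by the fixture. If the test certificate covers the name `graphd0` (not visible here), dropping the skip-verify flag would let the fixture prove the chain. Otherwise a short comment next to the command saying why verification is off would keep the flag from being copied into real deployments. The `./secrets` bind mount can also be read-only, `- ./secrets:/secrets:ro`, since the services presumably only read the key material; the same mount line appears in every service of this file.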
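Review bot: The new query literal in test_parameter.py carries an `f` prefix but has no replacement fields, so the prefix does nothing today and would start interpolating Python values into the statement as soon as someone adds a brace. The values are meant to travel through `self.params` and `execute_parameter`, so a plain literal states that intent: `'''MATCH (v:person)--() WHERE v.person.age>abs($p1)+3` with the `f` dropped. The triple-quoted form also sends the newline and the continuation line's indentation to the server as part of the query text, which looks harmless here. test_parameter's body continues outside the hunk.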
@@ -41,7 +41,6 @@ def setup_class(self):
 # self signed SSL config
 self.ssl_selfs_signed_config = SSL_config()
 self.ssl_selfs_signed_config.cert_reqs = ssl.CERT_OPTIONAL
- self.ssl_selfs_signed_config.cert_reqs = ssl.CERT_OPTIONAL
 self.ssl_selfs_signed_config.ca_certs = os.path.join(
 current_dir, 'secrets/test.self-signed.pem'
 )