hs-test: add tls proxy test

Type: test

Change-Id: I8f3f4c464907356bb1990ea53f0f46befc057acf
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>

diff --git a/extras/hs-test/docker/Dockerfile.vpp b/extras/hs-test/docker/Dockerfile.vpp
index e45479d..6b05758 100644 (file)
--- a/extras/hs-test/docker/Dockerfile.vpp
+++ b/extras/hs-test/docker/Dockerfile.vpp
@@ -17,6 +17,7 @@ COPY \
    $DIR/quic_plugin.so \
    $DIR/http_static_plugin.so \
    $DIR/prom_plugin.so \
+   $DIR/tlsopenssl_plugin.so \
    /usr/lib/x86_64-linux-gnu/vpp_plugins/
 
 COPY vpp-data/bin/vpp /usr/bin/

diff --git a/extras/hs-test/proxy_test.go b/extras/hs-test/proxy_test.go
index 9e72303..7b7321e 100644 (file)
--- a/extras/hs-test/proxy_test.go
+++ b/extras/hs-test/proxy_test.go
@@ -7,7 +7,7 @@ import (
        "github.com/edwarnicke/exechelper"
 )
 
-func testProxyHttpTcp(s *NsSuite) error {
+func testProxyHttpTcp(s *NsSuite, proto string) error {
        const outputFile = "test.data"
        const srcFile = "10M"
        stopServer := make(chan struct{}, 1)
@@ -32,12 +32,11 @@ func testProxyHttpTcp(s *NsSuite) error {
 
        clientVeth := s.netInterfaces[clientInterface]
        c := fmt.Sprintf("ip netns exec client wget --no-proxy --retry-connrefused"+
-               " --retry-on-http-error=503 --tries=10"+
-               " -O %s %s:555/%s",
-               outputFile,
-               clientVeth.ip4AddressString(),
-               srcFile,
-       )
+               " --retry-on-http-error=503 --tries=10 -O %s ", outputFile)
+       if proto == "tls" {
+               c += " --secure-protocol=TLSv1_3 --no-check-certificate https://"
+       }
+       c += fmt.Sprintf("%s:555/%s", clientVeth.ip4AddressString(), srcFile)
        s.log(c)
        _, err = exechelper.CombinedOutput(c)
        s.assertNil(err, "failed to run wget")
@@ -49,13 +48,14 @@ func testProxyHttpTcp(s *NsSuite) error {
        return nil
 }
 
-func configureVppProxy(s *NsSuite) {
+func configureVppProxy(s *NsSuite, proto string) {
        serverVeth := s.netInterfaces[serverInterface]
        clientVeth := s.netInterfaces[clientInterface]
 
        testVppProxy := s.getContainerByName("vpp").vppInstance
        output := testVppProxy.vppctl(
-               "test proxy server server-uri tcp://%s/555 client-uri tcp://%s/666",
+               "test proxy server server-uri %s://%s/555 client-uri tcp://%s/666",
+               proto,
                clientVeth.ip4AddressString(),
                serverVeth.peer.ip4AddressString(),
        )
@@ -63,8 +63,16 @@ func configureVppProxy(s *NsSuite) {
 }
 
 func (s *NsSuite) TestVppProxyHttpTcp() {
-       configureVppProxy(s)
-       err := testProxyHttpTcp(s)
+       proto := "tcp"
+       configureVppProxy(s, proto)
+       err := testProxyHttpTcp(s, proto)
+       s.assertNil(err)
+}
+
+func (s *NsSuite) TestVppProxyHttpTls() {
+       proto := "tls"
+       configureVppProxy(s, proto)
+       err := testProxyHttpTcp(s, proto)
        s.assertNil(err)
 }
 
@@ -88,6 +96,6 @@ func configureEnvoyProxy(s *NsSuite) {
 
 func (s *NsSuite) TestEnvoyProxyHttpTcp() {
        configureEnvoyProxy(s)
-       err := testProxyHttpTcp(s)
+       err := testProxyHttpTcp(s, "tcp")
        s.assertNil(err)
 }

diff --git a/extras/hs-test/vppinstance.go b/extras/hs-test/vppinstance.go
index e31b792..e909b85 100644 (file)
--- a/extras/hs-test/vppinstance.go
+++ b/extras/hs-test/vppinstance.go
@@ -58,6 +58,7 @@ plugins {
   plugin http_plugin.so { enable }
   plugin http_static_plugin.so { enable }
   plugin prom_plugin.so { enable }
+  plugin tlsopenssl_plugin.so { enable }
 }
 
 logging {