1. Patchew
  2. QEMU
  3. View series

[PATCH v3 0/9] tests: introduce testing coverage for TLS with migration

Daniel P. Berrangé posted 9 patches 2 years ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20220426160048.812266-1-berrange@redhat.com
Maintainers: Thomas Huth <thuth@redhat.com>, Laurent Vivier <lvivier@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, Juan Quintela <quintela@redhat.com>, "Dr. David Alan Gilbert" <dgilbert@redhat.com>, "Daniel P. Berrangé" <berrange@redhat.com>
meson.build                          |   1 +
tests/qtest/meson.build              |  12 +-
tests/qtest/migration-helpers.c      |  13 +
tests/qtest/migration-helpers.h      |   1 +
tests/qtest/migration-test.c         | 866 ++++++++++++++++++++++++---
tests/unit/crypto-tls-psk-helpers.c  |  18 +-
tests/unit/crypto-tls-psk-helpers.h  |   1 +
tests/unit/crypto-tls-x509-helpers.c |  16 +-
tests/unit/crypto-tls-x509-helpers.h |  53 ++
tests/unit/test-crypto-tlssession.c  |  11 +-
10 files changed, 897 insertions(+), 95 deletions(-)
[PATCH v3 0/9] tests: introduce testing coverage for TLS with migration
Posted by Daniel P. Berrangé 2 years ago 
This significantly expands the migration test suite to cover testing
with TLS over TCP and UNIX sockets, with both PSK (pre shared keys)
and x509 credentials, and for both single and multifd scenarios.

It identified one bug in handling PSK credentials with UNIX sockets,
but other than that everything was operating as expected.

To minimize the impact on code duplication alopt of refactoring is
done of the migration tests to introduce a common helper for running
the migration process. The various tests mostly just have to provide
a callback to set a few parameters/capabilities before migration
starts, and sometimes a callback to cleanup or validate after
completion/failure.

Changed in v3:

  - Trivial rebase dropping already merged patches

Changed in v2:

  - Use structs to pass around most parameters
  - Hide expected errors from stderr

Daniel P. Berrangé (9):
  tests: fix encoding of IP addresses in x509 certs
  tests: add more helper macros for creating TLS x509 certs
  tests: add migration tests of TLS with PSK credentials
  tests: add migration tests of TLS with x509 credentials
  tests: convert XBZRLE migration test to use common helper
  tests: convert multifd migration tests to use common helper
  tests: add multifd migration tests of TLS with PSK credentials
  tests: add multifd migration tests of TLS with x509 credentials
  tests: ensure migration status isn't reported as failed

 meson.build                          |   1 +
 tests/qtest/meson.build              |  12 +-
 tests/qtest/migration-helpers.c      |  13 +
 tests/qtest/migration-helpers.h      |   1 +
 tests/qtest/migration-test.c         | 866 ++++++++++++++++++++++++---
 tests/unit/crypto-tls-psk-helpers.c  |  18 +-
 tests/unit/crypto-tls-psk-helpers.h  |   1 +
 tests/unit/crypto-tls-x509-helpers.c |  16 +-
 tests/unit/crypto-tls-x509-helpers.h |  53 ++
 tests/unit/test-crypto-tlssession.c  |  11 +-
 10 files changed, 897 insertions(+), 95 deletions(-)

-- 
2.35.1
Re: [PATCH v3 0/9] tests: introduce testing coverage for TLS with migration
Posted by Dr. David Alan Gilbert 1 year, 11 months ago 
* Daniel P. Berrangé (berrange@redhat.com) wrote:
> This significantly expands the migration test suite to cover testing
> with TLS over TCP and UNIX sockets, with both PSK (pre shared keys)
> and x509 credentials, and for both single and multifd scenarios.
> 
> It identified one bug in handling PSK credentials with UNIX sockets,
> but other than that everything was operating as expected.
> 
> To minimize the impact on code duplication alopt of refactoring is
> done of the migration tests to introduce a common helper for running
> the migration process. The various tests mostly just have to provide
> a callback to set a few parameters/capabilities before migration
> starts, and sometimes a callback to cleanup or validate after
> completion/failure.

Full set now queued again

> Changed in v3:
> 
>   - Trivial rebase dropping already merged patches
> 
> Changed in v2:
> 
>   - Use structs to pass around most parameters
>   - Hide expected errors from stderr
> 
> Daniel P. Berrangé (9):
>   tests: fix encoding of IP addresses in x509 certs
>   tests: add more helper macros for creating TLS x509 certs
>   tests: add migration tests of TLS with PSK credentials
>   tests: add migration tests of TLS with x509 credentials
>   tests: convert XBZRLE migration test to use common helper
>   tests: convert multifd migration tests to use common helper
>   tests: add multifd migration tests of TLS with PSK credentials
>   tests: add multifd migration tests of TLS with x509 credentials
>   tests: ensure migration status isn't reported as failed
> 
>  meson.build                          |   1 +
>  tests/qtest/meson.build              |  12 +-
>  tests/qtest/migration-helpers.c      |  13 +
>  tests/qtest/migration-helpers.h      |   1 +
>  tests/qtest/migration-test.c         | 866 ++++++++++++++++++++++++---
>  tests/unit/crypto-tls-psk-helpers.c  |  18 +-
>  tests/unit/crypto-tls-psk-helpers.h  |   1 +
>  tests/unit/crypto-tls-x509-helpers.c |  16 +-
>  tests/unit/crypto-tls-x509-helpers.h |  53 ++
>  tests/unit/test-crypto-tlssession.c  |  11 +-
>  10 files changed, 897 insertions(+), 95 deletions(-)
> 
> -- 
> 2.35.1
> 
> 
> 
-- 
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
Re: [PATCH v3 0/9] tests: introduce testing coverage for TLS with migration
Posted by Dr. David Alan Gilbert 2 years ago 
* Daniel P. Berrangé (berrange@redhat.com) wrote:
> This significantly expands the migration test suite to cover testing
> with TLS over TCP and UNIX sockets, with both PSK (pre shared keys)
> and x509 credentials, and for both single and multifd scenarios.
> 
> It identified one bug in handling PSK credentials with UNIX sockets,
> but other than that everything was operating as expected.
> 
> To minimize the impact on code duplication alopt of refactoring is
> done of the migration tests to introduce a common helper for running
> the migration process. The various tests mostly just have to provide
> a callback to set a few parameters/capabilities before migration
> starts, and sometimes a callback to cleanup or validate after
> completion/failure.

I've queued:
tests: ensure migration status isn't reported as failed
tests: convert multifd migration tests to use common helper
tests: convert XBZRLE migration test to use common helper
tests: fix encoding of IP addresses in x509 certs

I'd appreciate some TLS people to review the other parts.

Dave


> Changed in v3:
> 
>   - Trivial rebase dropping already merged patches
> 
> Changed in v2:
> 
>   - Use structs to pass around most parameters
>   - Hide expected errors from stderr
> 
> Daniel P. Berrangé (9):
>   tests: fix encoding of IP addresses in x509 certs
>   tests: add more helper macros for creating TLS x509 certs
>   tests: add migration tests of TLS with PSK credentials
>   tests: add migration tests of TLS with x509 credentials
>   tests: convert XBZRLE migration test to use common helper
>   tests: convert multifd migration tests to use common helper
>   tests: add multifd migration tests of TLS with PSK credentials
>   tests: add multifd migration tests of TLS with x509 credentials
>   tests: ensure migration status isn't reported as failed
> 
>  meson.build                          |   1 +
>  tests/qtest/meson.build              |  12 +-
>  tests/qtest/migration-helpers.c      |  13 +
>  tests/qtest/migration-helpers.h      |   1 +
>  tests/qtest/migration-test.c         | 866 ++++++++++++++++++++++++---
>  tests/unit/crypto-tls-psk-helpers.c  |  18 +-
>  tests/unit/crypto-tls-psk-helpers.h  |   1 +
>  tests/unit/crypto-tls-x509-helpers.c |  16 +-
>  tests/unit/crypto-tls-x509-helpers.h |  53 ++
>  tests/unit/test-crypto-tlssession.c  |  11 +-
>  10 files changed, 897 insertions(+), 95 deletions(-)
> 
> -- 
> 2.35.1
> 
> 
-- 
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.