test(rust): segment orchestrator bats tests

build-trust · Feb 26, 2025 · 2f45238 · 2f45238
1 parent fe9d301
commit 2f45238
Show file tree

Hide file tree

Showing 22 changed files with 449 additions and 368 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/implementations/rust/ockam/ockam_command/tests/bats/load/orchestrator.bash b/implementations/rust/ockam/ockam_command/tests/bats/load/orchestrator.bash
@@ -47,3 +47,16 @@ function copy_enrolled_home_dir() {
     cp -a $OCKAM_HOME_BASE/database.sqlite3 $OCKAM_HOME/
   fi
 }
+
+export DEFAULT_TICKET_PATH="$OCKAM_HOME_BASE/.tmp/default.ticket"
+function get_default_ticket() {
+  if [ ! -z "${ORCHESTRATOR_TESTS}" ]; then
+    # if the ticket doesn't exist, create it
+    if [ ! -f "$DEFAULT_TICKET_PATH" ]; then
+      OCKAM_HOME=$OCKAM_HOME_BASE "$OCKAM" project ticket --usage-count 1000 --expires-in 1h >$DEFAULT_TICKET_PATH
+    fi
+
+  fi
+  # return the path to the ticket
+  echo "$DEFAULT_TICKET_PATH"
+}
diff --git a/implementations/rust/ockam/ockam_command/tests/bats/local/authority.bats b/implementations/rust/ockam/ockam_command/tests/bats/local/authority.bats
@@ -88,12 +88,12 @@ teardown() {
   "id": "1",
   "name": "default",
   "space_name": "together-porgy",
-  "access_route": "/dnsaddr/127.0.0.1/tcp/4000/service/api",
+  "access_route": "/ip4/127.0.0.1/tcp/4000/service/api",
   "users": [],
   "space_id": "1",
   "identity": "I923829d0397a06fa862be5a87b7966959b8ef99ab6455b843ca9131a747b4819",
   "project_change_history": "81825837830101583285f68200815820f405e06d988fa8039cce1cd0ae607e46847c1b64bc459ca9d89dd9b21ae30681f41a654cebe91a7818eee98200815840494c9b70e8a9ad5593fceb478f722a513b4bd39fa70f4265d584253bc24617d0eb498ce532273f6d0d5326921e013696fce57c20cc6c4008f74b816810f0b009",
-  "authority_access_route": "/dnsaddr/127.0.0.1/tcp/$port/service/api",
+  "authority_access_route": "/ip4/127.0.0.1/tcp/$port/service/api",
   "authority_identity": "$authority_identity_full",
   "version": "605c4632ded93eb17edeeef31fa3860db225b3ab-2023-12-05",
   "running": false,
@@ -161,12 +161,12 @@ EOF
   "id": "1",
   "name": "default",
   "space_name": "together-porgy",
-  "access_route": "/dnsaddr/127.0.0.1/tcp/4000/service/api",
+  "access_route": "/ip4/127.0.0.1/tcp/4000/service/api",
   "users": [],
   "space_id": "1",
   "identity": "I923829d0397a06fa862be5a87b7966959b8ef99ab6455b843ca9131a747b4819",
   "project_change_history": "81825837830101583285f68200815820f405e06d988fa8039cce1cd0ae607e46847c1b64bc459ca9d89dd9b21ae30681f41a654cebe91a7818eee98200815840494c9b70e8a9ad5593fceb478f722a513b4bd39fa70f4265d584253bc24617d0eb498ce532273f6d0d5326921e013696fce57c20cc6c4008f74b816810f0b009",
-  "authority_access_route": "/dnsaddr/127.0.0.1/tcp/$port/service/api",
+  "authority_access_route": "/ip4/127.0.0.1/tcp/$port/service/api",
   "authority_identity": "$authority_identity_full",
   "version": "605c4632ded93eb17edeeef31fa3860db225b3ab-2023-12-05",
   "running": false,
@@ -220,12 +220,12 @@ EOF
   "id": "1",
   "name": "default",
   "space_name": "together-porgy",
-  "access_route": "/dnsaddr/127.0.0.1/tcp/4000/service/api",
+  "access_route": "/ip4/127.0.0.1/tcp/4000/service/api",
   "users": [],
   "space_id": "1",
   "identity": "I923829d0397a06fa862be5a87b7966959b8ef99ab6455b843ca9131a747b4819",
   "project_change_history": "81825837830101583285f68200815820f405e06d988fa8039cce1cd0ae607e46847c1b64bc459ca9d89dd9b21ae30681f41a654cebe91a7818eee98200815840494c9b70e8a9ad5593fceb478f722a513b4bd39fa70f4265d584253bc24617d0eb498ce532273f6d0d5326921e013696fce57c20cc6c4008f74b816810f0b009",
-  "authority_access_route": "/dnsaddr/127.0.0.1/tcp/$port/service/api",
+  "authority_access_route": "/ip4/127.0.0.1/tcp/$port/service/api",
   "authority_identity": "$authority_identity_full",
   "version": "605c4632ded93eb17edeeef31fa3860db225b3ab-2023-12-05",
   "running": false,
@@ -270,12 +270,12 @@ EOF
   "id": "1",
   "name": "default",
   "space_name": "together-porgy",
-  "access_route": "/dnsaddr/127.0.0.1/tcp/4000/service/api",
+  "access_route": "/ip4/127.0.0.1/tcp/4000/service/api",
   "users": [],
   "space_id": "1",
   "identity": "I923829d0397a06fa862be5a87b7966959b8ef99ab6455b843ca9131a747b4819",
   "project_change_history": "81825837830101583285f68200815820f405e06d988fa8039cce1cd0ae607e46847c1b64bc459ca9d89dd9b21ae30681f41a654cebe91a7818eee98200815840494c9b70e8a9ad5593fceb478f722a513b4bd39fa70f4265d584253bc24617d0eb498ce532273f6d0d5326921e013696fce57c20cc6c4008f74b816810f0b009",
-  "authority_access_route": "/dnsaddr/127.0.0.1/tcp/$port/service/api",
+  "authority_access_route": "/ip4/127.0.0.1/tcp/$port/service/api",
   "authority_identity": "$authority_identity_full",
   "version": "605c4632ded93eb17edeeef31fa3860db225b3ab-2023-12-05",
   "running": false,

diff --git a/implementations/rust/ockam/ockam_command/tests/bats/orchestrator/message.bats b/implementations/rust/ockam/ockam_command/tests/bats/orchestrator/message.bats
@@ -22,37 +22,3 @@ teardown() {
   run_success "$OCKAM" message send "$msg" --to /project/default/service/echo
   assert_output "$msg"
 }
-
-@test "message - send a message to a project node from a background node" {
-  run_success "$OCKAM" node create blue
-
-  msg=$(random_str)
-  run_success "$OCKAM" message send "$msg" --from /node/blue --to /project/default/service/echo
-  assert_output "$msg"
-}
-
-@test "message - send a message to a project node from an embedded node, passing identity" {
-  run_success "$OCKAM" identity create m1
-  m1_identifier=$($OCKAM identity show m1)
-
-  run_success "$OCKAM" project-member add "$m1_identifier" --attribute role=member
-  sleep 2
-
-  # m1 identity was added by enroller
-  run_success "$OCKAM" project enroll --identity m1
-
-  # m1 is a member, must be able to contact the project' service
-  msg=$(random_str)
-  run_success "$OCKAM" message send --timeout 5 --identity m1 --to /project/default/service/echo "$msg"
-  assert_output "$msg"
-
-  # m2 is not a member, must not be able to contact the project' service
-  run_success "$OCKAM" identity create m2
-  run_failure "$OCKAM" message send --no-retry --timeout 5 --identity m2 --to /project/default/service/echo "$msg"
-}
-
-@test "message - send a hex encoded message to a project node from an embedded node" {
-  msg=$(random_hex_str)
-  run_success "$OCKAM" message send "$msg" --to /project/default/service/echo --hex
-  assert_output "$msg"
-}
diff --git a/implementations/rust/ockam/ockam_command/tests/bats/orchestrator/portals.bats b/implementations/rust/ockam/ockam_command/tests/bats/orchestrator/portals.bats
@@ -33,32 +33,6 @@ teardown() {
   run_success curl -sfI --retry-all-errors --retry-delay 5 --retry 10 -m 5 "127.0.0.1:$port"
 }
 
-@test "portals - create an inlet using only default arguments, an outlet, a relay in an orchestrator project and move tcp traffic through it" {
-  run_success "$OCKAM" node create blue
-  run_success "$OCKAM" tcp-outlet create --at /node/blue --to 127.0.0.1:$PYTHON_SERVER_PORT
-
-  relay_name=$(random_str)
-  run_success "$OCKAM" relay create "$relay_name" --to /node/blue
-
-  addr=$($OCKAM tcp-inlet create --via $relay_name)
-  run_success curl -sfI --retry-all-errors --retry-delay 5 --retry 10 -m 5 $addr
-}
-
-@test "portals - create an inlet (with implicit secure channel creation), an outlet, a relay in an orchestrator project and move tcp traffic through it" {
-  port="$(random_port)"
-
-  run_success "$OCKAM" node create blue
-  run_success "$OCKAM" tcp-outlet create --at /node/blue --to 127.0.0.1:$PYTHON_SERVER_PORT
-
-  relay_name="$(random_str)"
-  run_success "$OCKAM" relay create "$relay_name" --to /node/blue
-
-  run_success "$OCKAM" node create green
-  run_success "$OCKAM" tcp-inlet create --at /node/green --from "$port" --via "$relay_name"
-
-  run_success curl -sfI --retry-all-errors --retry-delay 5 --retry 10 -m 5 "127.0.0.1:$port"
-}
-
 @test "portals - inlet/outlet example with credential, not provided" {
   ENROLLED_OCKAM_HOME=$OCKAM_HOME
 
@@ -93,220 +67,3 @@ teardown() {
   # Green can't establish secure channel with blue, because it didn't exchange credential with it.
   run_failure curl -sfI -m 3 "127.0.0.1:$port"
 }
-
-@test "portals - inlet (with implicit secure channel creation) / outlet example with credential, not provided" {
-  port="$(random_port)"
-  ENROLLED_OCKAM_HOME=$OCKAM_HOME
-  setup_home_dir
-  NON_ENROLLED_OCKAM_HOME=$OCKAM_HOME
-  "$OCKAM" project import --project-file $PROJECT_PATH
-
-  run_success "$OCKAM" identity create green
-  run_success "$OCKAM" identity create blue
-  green_identifier=$($OCKAM identity show green)
-  blue_identifier=$($OCKAM identity show blue)
-
-  relay_name="$(random_str)"
-  run_success "$OCKAM" node create green --identity green
-  run_success "$OCKAM" node create blue --identity blue
-
-  # Green isn't enrolled as project member
-  export OCKAM_HOME=$ENROLLED_OCKAM_HOME
-  run_success "$OCKAM" project-member add "$blue_identifier" --attribute role=member --relay $relay_name
-  sleep 2
-
-  export OCKAM_HOME=$NON_ENROLLED_OCKAM_HOME
-  run_success "$OCKAM" tcp-outlet create --at /node/blue --to 127.0.0.1:$PYTHON_SERVER_PORT
-
-  run_success "$OCKAM" relay create "$relay_name" --to /node/blue
-  assert_output --partial "forward_to_$relay_name"
-
-  run_success "$OCKAM" tcp-inlet create --at /node/green --from "$port" --via "$relay_name"
-  # Green can't establish secure channel with blue, because it isn't a member
-  run_failure curl -sfI -m 3 "127.0.0.1:$port"
-}
-
-@test "portals - inlet/outlet example with credential" {
-  port="$(random_port)"
-  ENROLLED_OCKAM_HOME=$OCKAM_HOME
-
-  # Setup non-enrolled identities
-  setup_home_dir
-  NON_ENROLLED_OCKAM_HOME=$OCKAM_HOME
-  "$OCKAM" project import --project-file $PROJECT_PATH
-
-  run_success "$OCKAM" identity create green
-  run_success "$OCKAM" identity create blue
-  green_identifier=$($OCKAM identity show green)
-  blue_identifier=$($OCKAM identity show blue)
-
-  relay_name="$(random_str)"
-  run_success "$OCKAM" node create green --identity green
-  run_success "$OCKAM" node create blue --identity blue
-
-  # Add identities as members of the project
-  export OCKAM_HOME=$ENROLLED_OCKAM_HOME
-  run_success "$OCKAM" project-member add "$blue_identifier" --attribute role=member --relay $relay_name
-  run_success "$OCKAM" project-member add "$green_identifier" --attribute role=member
-  sleep 2
-
-  # Use project from the now enrolled identities
-  export OCKAM_HOME=$NON_ENROLLED_OCKAM_HOME
-  run_success "$OCKAM" tcp-outlet create --at /node/blue --to 127.0.0.1:$PYTHON_SERVER_PORT
-
-  run_success "$OCKAM" relay create "$relay_name" --to /node/blue
-  assert_output --partial "forward_to_$relay_name"
-
-  run_success bash -c "$OCKAM secure-channel create --from /node/green --to /project/default/service/forward_to_$relay_name/service/api \
-              | $OCKAM tcp-inlet create --at /node/green --from $port --to -/service/outlet"
-
-  run_success curl -sfI --retry-all-errors --retry-delay 5 --retry 10 -m 5 "127.0.0.1:$port"
-}
-
-@test "portals - inlet (with implicit secure channel creation) / outlet example with enrollment token" {
-  port="$(random_port)"
-  ENROLLED_OCKAM_HOME=$OCKAM_HOME
-
-  relay_name="$(random_str)"
-  green_token=$($OCKAM project ticket --usage-count 10 --attribute app=app1)
-  blue_token=$($OCKAM project ticket --usage-count 10 --attribute app=app1 --relay $relay_name)
-
-  setup_home_dir
-  NON_ENROLLED_OCKAM_HOME=$OCKAM_HOME
-  #  "$OCKAM" project import --project-file $PROJECT_PATH
-
-  run_success "$OCKAM" identity create green
-  run_success "$OCKAM" identity create blue
-
-  run_success "$OCKAM" project enroll $green_token --identity green
-  run_success "$OCKAM" node create green --identity green
-
-  run_success "$OCKAM" project enroll $blue_token --identity blue
-  run_success "$OCKAM" node create blue --identity blue
-
-  run_success "$OCKAM" tcp-outlet create --at /node/blue \
-    --to 127.0.0.1:$PYTHON_SERVER_PORT --allow '(= subject.app "app1")'
-
-  run_success "$OCKAM" relay create "$relay_name" --to /node/blue
-  assert_output --partial "forward_to_$relay_name"
-
-  run_success "$OCKAM" tcp-inlet create --at /node/green \
-    --from "$port" --via "$relay_name" --allow '(= subject.app "app1")'
-
-  run_success curl -sfI --retry-all-errors --retry-delay 5 --retry 10 -m 5 "127.0.0.1:$port"
-}
-
-@test "portals - local inlet and outlet passing through a relay, removing and re-creating the outlet" {
-  inlet_port="$(random_port)"
-  node_port="$(random_port)"
-  relay_name="$(random_str)"
-
-  run_success "$OCKAM" node create blue --tcp-listener-address "127.0.0.1:$node_port"
-  run_success "$OCKAM" tcp-outlet create --at /node/blue --to 127.0.0.1:$PYTHON_SERVER_PORT
-  run_success "$OCKAM" relay create "$relay_name" --to /node/blue
-
-  run_success "$OCKAM" node create green
-  run_success "$OCKAM" tcp-inlet create --at /node/green --from "$inlet_port" --via "$relay_name"
-  run_success curl -sfI --retry-all-errors --retry-delay 5 --retry 10 -m 5 "127.0.0.1:$inlet_port"
-
-  $OCKAM node delete blue --yes
-  run_failure curl -sfI -m 3 "127.0.0.1:$inlet_port"
-
-  run_success "$OCKAM" node create blue --tcp-listener-address "127.0.0.1:$node_port"
-  run_success "$OCKAM" tcp-outlet create --at /node/blue --to 127.0.0.1:$PYTHON_SERVER_PORT
-  run_success "$OCKAM" relay create "$relay_name" --to /node/blue
-  run_success curl -sfI --retry-all-errors --retry-delay 5 --retry 10 -m 5 "127.0.0.1:$inlet_port"
-}
-
-@test "portals - create an inlet/outlet pair, copy heavy payload" {
-  port="$(random_port)"
-  relay_name="$(random_str)"
-
-  run_success "$OCKAM" node create blue
-  sleep 1
-  run_success "$OCKAM" relay create "${relay_name}" --to /node/blue
-  run_success "$OCKAM" tcp-outlet create --at /node/blue --to "$PYTHON_SERVER_PORT"
-
-  run_success "$OCKAM" node create green
-  run_success "$OCKAM" tcp-inlet create --at /node/green --from "${port}" \
-    --to "/project/default/service/forward_to_${relay_name}/secure/api/service/outlet"
-
-  # generate 10MB of random data
-  run_success openssl rand -out "${OCKAM_HOME_BASE}/.tmp/payload" $((1024 * 1024 * 10))
-
-  # write payload to file `payload.copy`
-  run_success curl -sf --retry-all-errors --retry-delay 5 --retry 10 -m 60 "127.0.0.1:${port}/.tmp/payload" -o "${OCKAM_HOME}/payload.copy"
-
-  # compare `payload` and `payload.copy`
-  run_success cmp "${OCKAM_HOME_BASE}/.tmp/payload" "${OCKAM_HOME}/payload.copy"
-}
-
-@test "portals - create an inlet/outlet pair, connection goes down, connection restored" {
-  inlet_port="$(random_port)"
-  socat_port="$(random_port)"
-
-  project_address=$($OCKAM project show default --output json | jq .access_route -r | sed 's#/dnsaddr/\([^/]*\)/.*#\1#')
-  project_port=$($OCKAM project show default --output json | jq .access_route -r | sed 's#.*/tcp/\([^/]*\)/.*#\1#')
-  project_id=$($OCKAM project show default --output json | jq .id -r)
-
-  # pass traffic through socat, so we can simulate the connection being interrupted
-  socat TCP-LISTEN:${socat_port},reuseaddr TCP:${project_address}:${project_port} &
-  socat_pid=$!
-
-  run_success "$OCKAM" node create blue
-  run_success "$OCKAM" tcp-outlet create --at /node/blue --to 127.0.0.1:$PYTHON_SERVER_PORT
-
-  relay_name="$(random_str)"
-  run_success "$OCKAM" relay create "${relay_name}" --project-relay --to /node/blue \
-    --at "/ip4/127.0.0.1/tcp/${socat_port}/service/$project_id/secure/api"
-
-  run_success "$OCKAM" node create green
-  run_success "$OCKAM" tcp-inlet create --at /node/green --from "${inlet_port}" \
-    --via "${relay_name}"
-
-  run_success curl -sfI --retry-all-errors --retry-delay 5 --retry 10 -m 5 "127.0.0.1:${inlet_port}"
-  status=$("$OCKAM" relay show "${relay_name}" --output json | jq .connection_status -r)
-  assert_equal "$status" "Up"
-
-  kill -QUIT $socat_pid
-  sleep 1
-  run_failure curl -sfI -m 3 "127.0.0.1:${inlet_port}"
-  sleep 40
-  status=$("$OCKAM" relay show "${relay_name}" --output json | jq .connection_status -r)
-  assert [ "$status" != "Up" ]
-
-  # restore connection
-  socat TCP-LISTEN:${socat_port},reuseaddr TCP:${project_address}:${project_port} &
-  socat_pid=$!
-  sleep 2
-
-  run_success curl -sfI --retry-all-errors --retry-delay 2 --retry 10 -m 30 "127.0.0.1:${inlet_port}"
-  status=$("$OCKAM" relay show "${relay_name}" --output json | jq .connection_status -r)
-  assert_equal "$status" "Up"
-
-  kill -QUIT $socat_pid
-}
-
-@test "portals - create a local TLS inlet, https works without skipping verification" {
-  skip
-  port="$(random_port)"
-
-  ticket=$($OCKAM project ticket --usage-count 10 --tls)
-  setup_home_dir
-  run_success "$OCKAM" project enroll "${ticket}"
-
-  run_success "$OCKAM" node create blue
-  run_success "$OCKAM" tcp-outlet create --at /node/blue --to 127.0.0.1:$PYTHON_SERVER_PORT
-  run_success "$OCKAM" tcp-inlet create --tls --from $port --to /secure/api/service/outlet
-
-  # first wait for the connection without validation
-  run_success curl -sfI --insecure --retry-all-errors --retry-delay 5 --retry 10 -m 5 \
-    "https://127.0.0.1:${port}"
-
-  # extract certificate subject
-  subject=$(openssl s_client -showcerts -connect "127.0.0.1:${port}" </dev/null 2>&1 |
-    grep -o 'subject=CN=.*' | sed -E 's/.*CN=[*][.](.*)/\1/')
-
-  run_success curl -sfI --retry-all-errors --retry-delay 5 --retry 10 -m 5 \
-    "https://arbitrary-name.${subject}:${port}"
-}