From: Eric Blake <eblake@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Kevin Wolf" <kwolf@redhat.com>,
"Hanna Reitz" <hreitz@redhat.com>,
"Daniel P. Berrangé" <berrange@redhat.com>,
"open list:Block layer core" <qemu-block@nongnu.org>
Subject: [PULL 09/15] tests/qemu-iotests: convert NBD TLS test to use standard filters
Date: Mon, 7 Mar 2022 19:44:13 -0600 [thread overview]
Message-ID: <20220308014419.3056549-10-eblake@redhat.com> (raw)
In-Reply-To: <20220308014419.3056549-1-eblake@redhat.com>
From: Daniel P. Berrangé <berrange@redhat.com>
Using standard filters is more future proof than rolling our own.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220304193610.3293146-10-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
---
tests/qemu-iotests/233 | 29 ++++++++++++++++-------------
tests/qemu-iotests/233.out | 8 --------
2 files changed, 16 insertions(+), 21 deletions(-)
diff --git a/tests/qemu-iotests/233 b/tests/qemu-iotests/233
index 9ca7b68f42cf..050267298d67 100755
--- a/tests/qemu-iotests/233
+++ b/tests/qemu-iotests/233
@@ -65,7 +65,7 @@ tls_x509_create_client "ca1" "client3"
echo
echo "== preparing image =="
_make_test_img 64M
-$QEMU_IO -c 'w -P 0x11 1m 1m' "$TEST_IMG" | _filter_qemu_io
+$QEMU_IO -c 'w -P 0x11 1m 1m' "$TEST_IMG" 2>&1 | _filter_qemu_io
echo
echo "== check TLS client to plain server fails =="
@@ -74,9 +74,9 @@ nbd_server_start_tcp_socket -f $IMGFMT "$TEST_IMG" 2> "$TEST_DIR/server.log"
obj=tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0
$QEMU_IMG info --image-opts --object $obj \
driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \
- 2>&1 | sed "s/$nbd_tcp_port/PORT/g"
+ 2>&1 | _filter_nbd
$QEMU_NBD_PROG -L -b $nbd_tcp_addr -p $nbd_tcp_port --object $obj \
- --tls-creds=tls0
+ --tls-creds=tls0 2>&1 | _filter_qemu_nbd_exports
nbd_server_stop
@@ -88,8 +88,10 @@ nbd_server_start_tcp_socket \
--tls-creds tls0 \
-f $IMGFMT "$TEST_IMG" 2>> "$TEST_DIR/server.log"
-$QEMU_IMG info nbd://localhost:$nbd_tcp_port 2>&1 | sed "s/$nbd_tcp_port/PORT/g"
-$QEMU_NBD_PROG -L -b $nbd_tcp_addr -p $nbd_tcp_port
+$QEMU_IMG info nbd://localhost:$nbd_tcp_port \
+ 2>&1 | _filter_nbd
+$QEMU_NBD_PROG -L -b $nbd_tcp_addr -p $nbd_tcp_port \
+ 2>&1 | _filter_qemu_nbd_exports
echo
echo "== check TLS works =="
@@ -97,21 +99,21 @@ obj1=tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0
obj2=tls-creds-x509,dir=${tls_dir}/client3,endpoint=client,id=tls0
$QEMU_IMG info --image-opts --object $obj1 \
driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \
- 2>&1 | sed "s/$nbd_tcp_port/PORT/g"
+ 2>&1 | _filter_nbd
$QEMU_IMG info --image-opts --object $obj2 \
driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \
- 2>&1 | sed "s/$nbd_tcp_port/PORT/g"
+ 2>&1 | _filter_nbd
$QEMU_NBD_PROG -L -b $nbd_tcp_addr -p $nbd_tcp_port --object $obj1 \
- --tls-creds=tls0
+ --tls-creds=tls0 2>&1 | _filter_qemu_nbd_exports
echo
echo "== check TLS with different CA fails =="
obj=tls-creds-x509,dir=${tls_dir}/client2,endpoint=client,id=tls0
$QEMU_IMG info --image-opts --object $obj \
driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \
- 2>&1 | sed "s/$nbd_tcp_port/PORT/g"
+ 2>&1 | _filter_nbd
$QEMU_NBD_PROG -L -b $nbd_tcp_addr -p $nbd_tcp_port --object $obj \
- --tls-creds=tls0
+ --tls-creds=tls0 2>&1 | _filter_qemu_nbd_exports
echo
echo "== perform I/O over TLS =="
@@ -121,7 +123,8 @@ $QEMU_IO -c 'r -P 0x11 1m 1m' -c 'w -P 0x22 1m 1m' --image-opts \
driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \
2>&1 | _filter_qemu_io
-$QEMU_IO -f $IMGFMT -r -U -c 'r -P 0x22 1m 1m' "$TEST_IMG" | _filter_qemu_io
+$QEMU_IO -f $IMGFMT -r -U -c 'r -P 0x22 1m 1m' "$TEST_IMG" \
+ 2>&1 | _filter_qemu_io
echo
echo "== check TLS with authorization =="
@@ -139,12 +142,12 @@ nbd_server_start_tcp_socket \
$QEMU_IMG info --image-opts \
--object tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0 \
driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \
- 2>&1 | sed "s/$nbd_tcp_port/PORT/g"
+ 2>&1 | _filter_nbd
$QEMU_IMG info --image-opts \
--object tls-creds-x509,dir=${tls_dir}/client3,endpoint=client,id=tls0 \
driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \
- 2>&1 | sed "s/$nbd_tcp_port/PORT/g"
+ 2>&1 | _filter_nbd
echo
echo "== final server log =="
diff --git a/tests/qemu-iotests/233.out b/tests/qemu-iotests/233.out
index 4b1f6a0e1513..67a027d87986 100644
--- a/tests/qemu-iotests/233.out
+++ b/tests/qemu-iotests/233.out
@@ -17,15 +17,12 @@ wrote 1048576/1048576 bytes at offset 1048576
qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Denied by server for option 5 (starttls)
server reported: TLS not configured
qemu-nbd: Denied by server for option 5 (starttls)
-server reported: TLS not configured
== check plain client to TLS server fails ==
qemu-img: Could not open 'nbd://localhost:PORT': TLS negotiation required before option 7 (go)
Did you forget a valid tls-creds?
server reported: Option 0x7 not permitted before TLS
qemu-nbd: TLS negotiation required before option 3 (list)
-Did you forget a valid tls-creds?
-server reported: Option 0x3 not permitted before TLS
== check TLS works ==
image: nbd://127.0.0.1:PORT
@@ -39,12 +36,7 @@ disk size: unavailable
exports available: 1
export: ''
size: 67108864
- flags: 0xced ( flush fua trim zeroes df cache fast-zero )
min block: 1
- opt block: 4096
- max block: 33554432
- available meta contexts: 1
- base:allocation
== check TLS with different CA fails ==
qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': The certificate hasn't got a known issuer
--
2.35.1
next prev parent reply other threads:[~2022-03-08 1:57 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-08 1:44 [PULL 00/15] NBD patches for 7.0-rc0 Eric Blake
2022-03-08 1:44 ` [PULL 01/15] crypto: mandate a hostname when checking x509 creds on a client Eric Blake
2022-03-08 1:44 ` [PULL 02/15] block: pass desired TLS hostname through from block driver client Eric Blake
2022-03-08 1:44 ` [PULL 03/15] block/nbd: support override of hostname for TLS certificate validation Eric Blake
2022-03-08 1:44 ` [PULL 04/15] qemu-nbd: add --tls-hostname option " Eric Blake
2022-03-08 1:44 ` [PULL 05/15] block/nbd: don't restrict TLS usage to IP sockets Eric Blake
2022-03-08 1:44 ` [PULL 06/15] tests/qemu-iotests: add QEMU_IOTESTS_REGEN=1 to update reference file Eric Blake
2022-03-08 1:44 ` [PULL 07/15] tests/qemu-iotests: expand _filter_nbd rules Eric Blake
2022-03-08 1:44 ` [PULL 08/15] tests/qemu-iotests: introduce filter for qemu-nbd export list Eric Blake
2022-03-08 1:44 ` Eric Blake [this message]
2022-03-08 1:44 ` [PULL 10/15] tests/qemu-iotests: validate NBD TLS with hostname mismatch Eric Blake
2022-03-08 1:44 ` [PULL 11/15] tests/qemu-iotests: validate NBD TLS with UNIX sockets Eric Blake
2022-03-08 1:44 ` [PULL 12/15] tests/qemu-iotests: validate NBD TLS with UNIX sockets and PSK Eric Blake
2022-03-08 1:44 ` [PULL 13/15] nbd/server: Minor cleanups Eric Blake
2022-03-08 1:44 ` [PULL 14/15] qemu-io: Utilize 64-bit status during map Eric Blake
2022-03-08 1:44 ` [PULL 15/15] qemu-io: Allow larger write zeroes under no fallback Eric Blake
2022-03-09 15:50 ` [PULL 00/15] NBD patches for 7.0-rc0 Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220308014419.3056549-10-eblake@redhat.com \
--to=eblake@redhat.com \
--cc=berrange@redhat.com \
--cc=hreitz@redhat.com \
--cc=kwolf@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.