diff options
| author | Markus Pettersson <markus.pettersson@mullvad.net> | 2024-08-07 11:00:15 +0200 |
|---|---|---|
| committer | Markus Pettersson <markus.pettersson@mullvad.net> | 2024-08-12 15:25:00 +0200 |
| commit | e593ca40447eda3045089eb92fb4264ff6773120 (patch) | |
| tree | d826bfa9fc3568f6e5a8c529b28a8ec2c7499dcc /test/test-manager/src/tests | |
| parent | 042f2f04d5b0a6dc172610cf81276b9bb28e9456 (diff) | |
| download | mullvadvpn-e593ca40447eda3045089eb92fb4264ff6773120.tar.xz mullvadvpn-e593ca40447eda3045089eb92fb4264ff6773120.zip | |
Replace OpenVPN CA certificate using CLI flag
Diffstat (limited to 'test/test-manager/src/tests')
| -rw-r--r-- | test/test-manager/src/tests/config.rs | 88 | ||||
| -rw-r--r-- | test/test-manager/src/tests/install.rs | 37 | ||||
| -rw-r--r-- | test/test-manager/src/tests/mod.rs | 12 |
3 files changed, 107 insertions, 30 deletions
diff --git a/test/test-manager/src/tests/config.rs b/test/test-manager/src/tests/config.rs index 58ebc4fa01..ae2f434698 100644 --- a/test/test-manager/src/tests/config.rs +++ b/test/test-manager/src/tests/config.rs @@ -1,9 +1,21 @@ use once_cell::sync::OnceCell; -use std::ops::Deref; +use std::{ops::Deref, path::Path}; use test_rpc::meta::Os; -// Default `mullvad_host`. This should match the production env. +/// Default `mullvad_host`. This should match the production env. pub const DEFAULT_MULLVAD_HOST: &str = "mullvad.net"; +/// Bundled OpenVPN CA certificate use with the installed Mullvad app. +const OPENVPN_CA_CERTIFICATE: &[u8] = include_bytes!(concat!( + env!("CARGO_MANIFEST_DIR"), + "/../assets/", + "openvpn.ca.crt" +)); +/// Script for bootstrapping the test-runner after the test-manager has successfully logged in. +pub const BOOTSTRAP_SCRIPT: &[u8] = include_bytes!(concat!( + env!("CARGO_MANIFEST_DIR"), + "/../scripts/", + "ssh-setup.sh" +)); /// Constants that are accessible from each test via `TEST_CONFIG`. /// The constants must be initialized before running any tests using `TEST_CONFIG.init()`. @@ -23,6 +35,78 @@ pub struct TestConfig { pub host_bridge_name: String, pub os: Os, + /// The OpenVPN CA certificate to use with the the installed Mullvad App. + pub openvpn_certificate: OpenVPNCertificate, +} + +impl TestConfig { + #[allow(clippy::too_many_arguments)] + // TODO: This argument list is very long, we should strive to shorten it if possible. + pub const fn new( + account_number: String, + artifacts_dir: String, + app_package_filename: String, + app_package_to_upgrade_from_filename: Option<String>, + ui_e2e_tests_filename: Option<String>, + mullvad_host: String, + host_bridge_name: String, + os: Os, + openvpn_certificate: OpenVPNCertificate, + ) -> Self { + Self { + account_number, + artifacts_dir, + app_package_filename, + app_package_to_upgrade_from_filename, + ui_e2e_tests_filename, + mullvad_host, + host_bridge_name, + os, + openvpn_certificate, + } + } +} + +/// The OpenVPN CA certificate to use with the installed Mullvad App. +#[derive(Clone, Debug)] +pub struct OpenVPNCertificate(Vec<u8>); + +impl OpenVPNCertificate { + pub fn from_file(path: impl AsRef<Path>) -> std::io::Result<Self> { + Ok(Self(std::fs::read(path)?)) + } +} + +impl Deref for OpenVPNCertificate { + type Target = [u8]; + + fn deref(&self) -> &Self::Target { + &self.0 + } +} + +impl Default for OpenVPNCertificate { + fn default() -> Self { + Self(Vec::from(OPENVPN_CA_CERTIFICATE)) + } +} + +/// A script which should be run *in* the test runner before the test run begins. +#[derive(Clone, Debug)] +pub struct BootstrapScript(Vec<u8>); + +impl Deref for BootstrapScript { + type Target = [u8]; + + fn deref(&self) -> &Self::Target { + &self.0 + } +} + +impl Default for BootstrapScript { + fn default() -> Self { + Self(Vec::from(BOOTSTRAP_SCRIPT)) + } } #[derive(Debug, Clone)] diff --git a/test/test-manager/src/tests/install.rs b/test/test-manager/src/tests/install.rs index 0c9e2b82fd..b92f68b413 100644 --- a/test/test-manager/src/tests/install.rs +++ b/test/test-manager/src/tests/install.rs @@ -1,5 +1,5 @@ use anyhow::{bail, Context}; -use std::time::Duration; +use std::{path::Path, time::Duration}; use mullvad_management_interface::MullvadProxyClient; use mullvad_types::{constraints::Constraint, relay_constraints}; @@ -29,14 +29,14 @@ pub async fn test_install_previous_app(_: TestContext, rpc: ServiceClient) -> an .context("Missing previous app version")?, )?) .await?; + log::debug!("Replacing the OpenVPN CA certificate"); + replace_openvpn_certificate(&rpc).await?; // verify that daemon is running if rpc.mullvad_daemon_get_status().await? != ServiceStatus::Running { bail!(Error::DaemonNotRunning); } - replace_openvpn_cert(&rpc).await?; - // Override env vars rpc.set_daemon_environment(get_app_env().await?).await?; @@ -270,7 +270,7 @@ pub async fn test_install_new_app(_: TestContext, rpc: ServiceClient) -> anyhow: rpc.set_daemon_log_level(test_rpc::mullvad_daemon::Verbosity::Trace) .await?; - replace_openvpn_cert(&rpc).await?; + replace_openvpn_certificate(&rpc).await?; // Override env vars rpc.set_daemon_environment(get_app_env().await?).await?; @@ -348,10 +348,9 @@ pub async fn test_installation_idempotency( Ok(()) } -async fn replace_openvpn_cert(rpc: &ServiceClient) -> Result<(), Error> { - use std::path::Path; - - const SOURCE_CERT_FILENAME: &str = "openvpn.ca.crt"; +/// Replace the OpenVPN CA certificate which is currently used by the installed Mullvad App. +/// This needs to be invoked after reach (re)installation to use the custom OpenVPN certificate. +async fn replace_openvpn_certificate(rpc: &ServiceClient) -> Result<(), Error> { const DEST_CERT_FILENAME: &str = "ca.crt"; let dest_dir = match TEST_CONFIG.os { @@ -360,18 +359,12 @@ async fn replace_openvpn_cert(rpc: &ServiceClient) -> Result<(), Error> { Os::Macos => "/Applications/Mullvad VPN.app/Contents/Resources", }; - rpc.copy_file( - Path::new(&TEST_CONFIG.artifacts_dir) - .join(SOURCE_CERT_FILENAME) - .as_os_str() - .to_string_lossy() - .into_owned(), - Path::new(dest_dir) - .join(DEST_CERT_FILENAME) - .as_os_str() - .to_string_lossy() - .into_owned(), - ) - .await - .map_err(Error::Rpc) + let dest = Path::new(dest_dir) + .join(DEST_CERT_FILENAME) + .as_os_str() + .to_string_lossy() + .into_owned(); + rpc.write_file(dest, TEST_CONFIG.openvpn_certificate.to_vec()) + .await + .map_err(Error::Rpc) } diff --git a/test/test-manager/src/tests/mod.rs b/test/test-manager/src/tests/mod.rs index 0a9a6913df..312e8ae2b3 100644 --- a/test/test-manager/src/tests/mod.rs +++ b/test/test-manager/src/tests/mod.rs @@ -14,18 +14,18 @@ mod tunnel; mod tunnel_state; mod ui; +pub use test_metadata::TestMetadata; + +use anyhow::Context; +use futures::future::BoxFuture; +use std::time::Duration; + use crate::{ mullvad_daemon::{MullvadClientArgument, RpcClientProvider}, tests::helpers::get_app_env, }; -use anyhow::Context; -pub use test_metadata::TestMetadata; use test_rpc::ServiceClient; -use futures::future::BoxFuture; - -use std::time::Duration; - const WAIT_FOR_TUNNEL_STATE_TIMEOUT: Duration = Duration::from_secs(40); #[derive(Clone)] |