From: Zbigniew Jędrzejewski-Szmek Date: Tue, 7 Apr 2026 12:34:53 +0000 (+0200) Subject: test: add HTTPS upload test for systemd-report X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b7ac32c2c38af30e27bb754cfce899a66209514d;p=thirdparty%2Fsystemd.git test: add HTTPS upload test for systemd-report Extend fake-report-server.py with optional --cert, --key, --port arguments for TLS support. Add a test case that generates a self-signed certificate and tests HTTPS upload of metrics and facts. Also exercise the --header param. Co-developed-by: Claude Opus 4.6 --- diff --git a/test/integration-tests/TEST-74-AUX-UTILS/TEST-74-AUX-UTILS.units/fake-report-server.py b/test/integration-tests/TEST-74-AUX-UTILS/TEST-74-AUX-UTILS.units/fake-report-server.py index 45cc34fa533..4875a00bada 100755 --- a/test/integration-tests/TEST-74-AUX-UTILS/TEST-74-AUX-UTILS.units/fake-report-server.py +++ b/test/integration-tests/TEST-74-AUX-UTILS/TEST-74-AUX-UTILS.units/fake-report-server.py @@ -1,7 +1,7 @@ #!/usr/bin/python3 # SPDX-License-Identifier: LGPL-2.1-or-later -import json, os, socket +import argparse, json, os, socket, ssl from http.server import BaseHTTPRequestHandler, HTTPServer def sd_notify(state: str) -> bool: @@ -22,6 +22,10 @@ class Handler(BaseHTTPRequestHandler): length = int(self.headers.get("Content-Length", 0)) body = self.rfile.read(length) + # Check optional attribute + if auth := self.headers.get("Authorization"): + print(f"Authorization: {auth}") + # Validate JSON structure try: data = json.loads(body) 
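Review bot: The added `print(f"Authorization: {auth}")` in the second hunk of fake-report-server.py writes the credential from the request verbatim to the server's stdout, which under systemd-run presumably ends up in the journal, and the value is never compared with anything. That is acceptable for a fake server fed a constant test string, but it deserves a comment saying so, for example `# Test-only: echo the header so the test can inspect it; a real server must not log credentials`. If the test is meant to read the line back, `print(f"Authorization: {auth}", flush=True)` avoids it sitting in Python's stdout buffer until the server exits. The enclosing handler method begins and ends outside this hunk.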
@@ -45,10 +49,20 @@ class Handler(BaseHTTPRequestHandler):
 def log_message(self, fmt, *args):
 print(f"{self.address_string()} - {fmt % args}")
-PORT = 8089
+parser = argparse.ArgumentParser()
+parser.add_argument("--port", type=int, default=8089)
+parser.add_argument("--cert", help="TLS certificate file")
+parser.add_argument("--key", help="TLS private key file")
+args = parser.parse_args()
-server = HTTPServer(("", PORT), Handler)
-print(f"Serving on http://localhost:{PORT}/")
+server = HTTPServer(("", args.port), Handler)
+if args.cert and args.key:
+ ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+ ctx.load_cert_chain(args.cert, args.key)
+ server.socket = ctx.wrap_socket(server.socket, server_side=True)
+ print(f"Serving on https://localhost:{args.port}/")
+else:
+ print(f"Serving on http://localhost:{args.port}/")
 try:
 sd_notify("READY=1")
 server.serve_forever()
diff --git a/test/units/TEST-74-AUX-UTILS.report.sh b/test/units/TEST-74-AUX-UTILS.report.sh
index af134e980a2..53b83c4dd94 100755
--- a/test/units/TEST-74-AUX-UTILS.report.sh
+++ b/test/units/TEST-74-AUX-UTILS.report.sh
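Review bot: In fake-report-server.py, passing only one of `--cert`/`--key` fails the `if args.cert and args.key:` test and falls to the `else:` branch, so the server silently serves plain HTTP on a port the caller expected to be TLS. Rejecting the half-configured case right after `parse_args()` makes the mistake visible: `if bool(args.cert) != bool(args.key): parser.error("--cert and --key must be given together")`. The listener also still binds `""`, i.e. every interface, although the test only ever connects to localhost; `HTTPServer(("localhost", args.port), Handler)` would keep the fake server unreachable from other hosts, provided the client resolves localhost to the same address family. The top-level statement run continues past the end of this hunk.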
@@ -67,15 +67,30 @@ varlinkctl --more call /run/systemd/report/io.systemd.Basic io.systemd.Facts.Lis varlinkctl --more call /run/systemd/report/io.systemd.Basic io.systemd.Facts.Describe {} # Test HTTP upload (plain http) +FAKE_SERVER=/usr/lib/systemd/tests/integration-tests/TEST-74-AUX-UTILS/TEST-74-AUX-UTILS.units/fake-report-server.py +CERTDIR=$(mktemp -d) + at_exit() { set +e - systemctl stop fake-report-server + systemctl stop fake-report-server fake-report-server-tls + rm -rf "$CERTDIR" } trap at_exit EXIT -systemd-run -p Type=notify --unit=fake-report-server \ - /usr/lib/systemd/tests/integration-tests/TEST-74-AUX-UTILS/TEST-74-AUX-UTILS.units/fake-report-server.py +systemd-run -p Type=notify --unit=fake-report-server "$FAKE_SERVER" systemctl status fake-report-server "$REPORT" metrics --url=http://localhost:8089/ "$REPORT" facts --url=http://localhost:8089/ + +# Test HTTPS upload with generated TLS certificates +openssl req -x509 -newkey rsa:2048 -keyout "$CERTDIR/server.key" -out "$CERTDIR/server.crt" \ + -days 1 -nodes -subj "/CN=localhost" 2>/dev/null + +systemd-run -p Type=notify --unit=fake-report-server-tls \ + "$FAKE_SERVER" --cert="$CERTDIR/server.crt" --key="$CERTDIR/server.key" --port=8090 +systemctl status fake-report-server-tls + +"$REPORT" metrics --url=https://localhost:8090/ --key=- --trust="$CERTDIR/server.crt" +"$REPORT" facts --url=https://localhost:8090/ --key=- --trust="$CERTDIR/server.crt" \ + --extra-header='Authorization: Bearer magic string'
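Review bot: Nothing in the HTTPS part of this hunk checks that the `Authorization` header passed with `--extra-header` actually reached the server, or that `"$REPORT"` would refuse the self-signed certificate without `--trust`; both uploads only have to exit zero. After the facts upload, `journalctl --sync` followed by `journalctl -u fake-report-server-tls | grep -F 'Authorization: Bearer magic string'` would pin the header, although the server may need to flush its stdout for the line to be there in time. A negative case such as `(! "$REPORT" metrics --url=https://localhost:8090/ --key=-)` would catch certificate verification being skipped, assuming the tool verifies against the system trust store by default. The `2>/dev/null` on `openssl req` also hides the reason when certificate generation fails.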