commit 0a21f0a1d52783fa3cc460e2724a3376a5f58997
author Paul Belanger <pabelanger@redhat.com> Tue Jun 13 13:14:42 2017 -0400
committer Paul Belanger <pabelanger@redhat.com> Wed Jun 14 10:10:45 2017 -0400
tree e51c01662132d0706d6b33e6d7bdcfd8db41e247
parent 16912d9e8a1f4de204cf7e0f7af84581e1a7cb4c

Add ssl support to gearman / gearman_server

Enable SSL support for gearman. We also created an new SSLZuulBaseTest
class to provide a simple way to use SSL end to end where possible. A
future patch will enable support in zookeeper.

Change-Id: Ia8b89bab475d758cc6a021988f8d79ead8836a9d
Signed-off-by: Paul Belanger <pabelanger@redhat.com>

tests/base.py

diff --git a/tests/base.py b/tests/base.py
index fae23fe..1fe9739 100755
--- a/tests/base.py
+++ b/tests/base.py
@@ -1359,9 +1359,20 @@
 
     """
 
-    def __init__(self):
+    def __init__(self, use_ssl=False):
         self.hold_jobs_in_queue = False
-        super(FakeGearmanServer, self).__init__(0)
+        if use_ssl:
+            ssl_ca = os.path.join(FIXTURE_DIR, 'gearman/root-ca.pem')
+            ssl_cert = os.path.join(FIXTURE_DIR, 'gearman/server.pem')
+            ssl_key = os.path.join(FIXTURE_DIR, 'gearman/server.key')
+        else:
+            ssl_ca = None
+            ssl_cert = None
+            ssl_key = None
+
+        super(FakeGearmanServer, self).__init__(0, ssl_key=ssl_key,
+                                                ssl_cert=ssl_cert,
+                                                ssl_ca=ssl_ca)
 
     def getJobForConnection(self, connection, peek=False):
         for queue in [self.high_queue, self.normal_queue, self.low_queue]:
@@ -1815,6 +1826,7 @@
     config_file = 'zuul.conf'
     run_ansible = False
     create_project_keys = False
+    use_ssl = False
 
     def _startMerger(self):
         self.merge_server = zuul.merger.server.MergeServer(self.config,
@@ -1872,11 +1884,22 @@
         reload_module(statsd)
         reload_module(zuul.scheduler)
 
-        self.gearman_server = FakeGearmanServer()
+        self.gearman_server = FakeGearmanServer(self.use_ssl)
 
         self.config.set('gearman', 'port', str(self.gearman_server.port))
         self.log.info("Gearman server on port %s" %
                       (self.gearman_server.port,))
+        if self.use_ssl:
+            self.log.info('SSL enabled for gearman')
+            self.config.set(
+                'gearman', 'ssl_ca',
+                os.path.join(FIXTURE_DIR, 'gearman/root-ca.pem'))
+            self.config.set(
+                'gearman', 'ssl_cert',
+                os.path.join(FIXTURE_DIR, 'gearman/client.pem'))
+            self.config.set(
+                'gearman', 'ssl_key',
+                os.path.join(FIXTURE_DIR, 'gearman/client.key'))
 
         gerritsource.GerritSource.replication_timeout = 1.5
         gerritsource.GerritSource.replication_retry_interval = 0.5
@@ -2686,6 +2709,11 @@
     run_ansible = True
 
 
+class SSLZuulTestCase(ZuulTestCase):
+    """ZuulTestCase but with an but using SSL when possible"""
+    use_ssl = True
+
+
 class ZuulDBTestCase(ZuulTestCase):
     def setup_config(self):
         super(ZuulDBTestCase, self).setup_config()