def test_ssl_only(self):
""" make sure we are not exposing any non-ssl connections in production environment """
done = False
sleep_time = 2
# start production environment
subprocess.call(["./production_test_env.py", "--start"])
# get all exposed ports from docker
for _ in range(3):
exposed_hosts = subprocess.check_output("docker ps | grep %s | grep -o -E '0.0.0.0:[0-9]*'" % ("testprod"), shell=True)
try:
for host in exposed_hosts.split():
with contextlib.closing(ssl.wrap_socket(socket.socket())) as sock:
logging.info("%s: connect to host with TLS" % host)
host, port = host.split(":")
sock.connect((host, int(port)))
done = True
except:
sleep_time *= 2
time.sleep(sleep_time)
continue
if done:
break
# tear down production env
subprocess.call(["./production_test_env.py", "--kill"])
if not done:
pytest.fail("failed to connect to production env. using SSL")
评论列表
文章目录
