Refactor redis core tests and start adding sentinel tests

bunkerity · Jan 16, 2024 · 36778f2 · 36778f2
1 parent 5fcdc1c
commit 36778f2
Show file tree

Hide file tree

Showing 6 changed files with 341 additions and 90 deletions.
diff --git a/tests/core/redis/Dockerfile.redis b/tests/core/redis/Dockerfile.redis
diff --git a/tests/core/redis/docker-compose.test.yml b/tests/core/redis/docker-compose.test.yml
@@ -12,11 +12,17 @@ services:
       REDIS_PORT: "6379"
       REDIS_DATABASE: "0"
       REDIS_SSL: "no"
+      REDIS_USERNAME: ""
+      REDIS_PASSWORD: ""
+      REDIS_SENTINEL_HOSTS: ""
+      REDIS_SENTINEL_USERNAME: ""
+      REDIS_SENTINEL_PASSWORD: ""
+      REDIS_SENTINEL_MASTER: "bw-master"
     extra_hosts:
-      - "www.example.com:1.0.0.2"
+      - "www.example.com:1.0.0.254"
     networks:
       bw-services:
-        ipv4_address: 1.0.0.3
+        ipv4_address: 1.0.0.253
 
 networks:
   bw-services:

diff --git a/tests/core/redis/docker-compose.yml b/tests/core/redis/docker-compose.yml
@@ -30,6 +30,12 @@ services:
       REDIS_PORT: "6379"
       REDIS_DATABASE: "0"
       REDIS_SSL: "no"
+      REDIS_USERNAME: ""
+      REDIS_PASSWORD: ""
+      REDIS_SENTINEL_HOSTS: ""
+      REDIS_SENTINEL_USERNAME: ""
+      REDIS_SENTINEL_PASSWORD: ""
+      REDIS_SENTINEL_MASTER: "bw-master"
       CUSTOM_CONF_SERVER_HTTP_ready: |
         location /ready {
           default_type 'text/plain';
@@ -42,7 +48,7 @@ services:
     networks:
       bw-universe:
       bw-services:
-        ipv4_address: 1.0.0.2
+        ipv4_address: 1.0.0.254
 
   bw-scheduler:
     image: bunkerity/bunkerweb-scheduler:1.5.5
@@ -67,15 +73,128 @@ services:
       - bw-docker
 
   bw-redis:
-    build:
-      context: .
-      dockerfile: Dockerfile.redis
+    image: bitnami/redis:7.2
+    volumes:
+      - ./acl:/acl
+      - ./tls:/tls
     environment:
-      REDIS_PORT: "6379"
-      REDIS_SSL: "no"
+      REDIS_PORT_NUMBER: "6379"
+      REDIS_TLS_PORT_NUMBER: "6379"
+      REDIS_ACLFILE: "/acl/redis.acl"
+      REDIS_TLS_ENABLED: "no"
+      REDIS_TLS_CERT_FILE: "/tls/redis.pem"
+      REDIS_TLS_KEY_FILE: "/tls/redis.key"
+      REDIS_TLS_CA_FILE: "/tls/ca.crt"
+      REDIS_TLS_AUTH_CLIENTS: "yes"
+      REDIS_REPLICATION_MODE: "master"
+      REDIS_MASTER_SET: "bw-master"
+      ALLOW_EMPTY_PASSWORD: "yes"
     networks:
-      bw-services:
-        ipv4_address: 1.0.0.4
+      - bw-services
+
+  bw-redis-slave:
+    image: bitnami/redis:7.2
+    volumes:
+      - ./acl:/acl
+      - ./tls:/tls
+    environment:
+      REDIS_PORT_NUMBER: "6379"
+      REDIS_TLS_PORT_NUMBER: "6379"
+      REDIS_ACLFILE: "/acl/redis.acl"
+      REDIS_TLS_ENABLED: "no"
+      REDIS_TLS_CERT_FILE: "/tls/redis.pem"
+      REDIS_TLS_KEY_FILE: "/tls/redis.key"
+      REDIS_TLS_CA_FILE: "/tls/ca.crt"
+      REDIS_TLS_AUTH_CLIENTS: "yes"
+      REDIS_REPLICATION_MODE: "slave"
+      REDIS_MASTER_HOST: "bw-redis"
+      REDIS_MASTER_SET: "bw-master"
+      REDIS_MASTER_PORT_NUMBER: "6379"
+      REDIS_MASTER_PASSWORD: ""
+      ALLOW_EMPTY_PASSWORD: "yes"
+    depends_on:
+      - bw-redis
+    networks:
+      - bw-services
+    deploy:
+      replicas: 2
+
+  bw-redis-sentinel-1:
+    image: bitnami/redis-sentinel:7.2
+    command: /opt/bitnami/scripts/redis-sentinel/run.sh --aclfile /acl/sentinel.acl
+    volumes:
+      - ./acl:/acl
+      - ./tls:/tls
+    environment:
+      REDIS_SENTINEL_PORT_NUMBER: "26379"
+      REDIS_SENTINEL_TLS_PORT_NUMBER: "26379"
+      REDIS_SENTINEL_TLS_ENABLED: "no"
+      REDIS_SENTINEL_TLS_CERT_FILE: "/tls/sentinel.pem"
+      REDIS_SENTINEL_TLS_KEY_FILE: "/tls/sentinel.key"
+      REDIS_SENTINEL_TLS_CA_FILE: "/tls/sentinel_ca.crt"
+      REDIS_SENTINEL_TLS_AUTH_CLIENTS: "no"
+      REDIS_MASTER_HOST: "bw-redis"
+      REDIS_MASTER_SET: "bw-master"
+      REDIS_MASTER_PORT_NUMBER: "6379"
+      REDIS_MASTER_PASSWORD: ""
+      ALLOW_EMPTY_PASSWORD: "yes"
+    depends_on:
+      - bw-redis
+      - bw-redis-slave
+    networks:
+      - bw-services
+
+  bw-redis-sentinel-2:
+    image: bitnami/redis-sentinel:7.2
+    command: /opt/bitnami/scripts/redis-sentinel/run.sh --aclfile /acl/sentinel.acl
+    volumes:
+      - ./acl:/acl
+      - ./tls:/tls
+    environment:
+      REDIS_SENTINEL_PORT_NUMBER: "26379"
+      REDIS_SENTINEL_TLS_PORT_NUMBER: "26379"
+      REDIS_SENTINEL_ACLFILE: "/acl/sentinel.acl"
+      REDIS_SENTINEL_TLS_ENABLED: "no"
+      REDIS_SENTINEL_TLS_CERT_FILE: "/tls/sentinel.pem"
+      REDIS_SENTINEL_TLS_KEY_FILE: "/tls/sentinel.key"
+      REDIS_SENTINEL_TLS_CA_FILE: "/tls/sentinel_ca.crt"
+      REDIS_SENTINEL_TLS_AUTH_CLIENTS: "no"
+      REDIS_MASTER_HOST: "bw-redis"
+      REDIS_MASTER_SET: "bw-master"
+      REDIS_MASTER_PORT_NUMBER: "6379"
+      REDIS_MASTER_PASSWORD: ""
+      ALLOW_EMPTY_PASSWORD: "yes"
+    depends_on:
+      - bw-redis
+      - bw-redis-slave
+    networks:
+      - bw-services
+
+  bw-redis-sentinel-3:
+    image: bitnami/redis-sentinel:7.2
+    command: /opt/bitnami/scripts/redis-sentinel/run.sh --aclfile /acl/sentinel.acl
+    volumes:
+      - ./acl:/acl
+      - ./tls:/tls
+    environment:
+      REDIS_SENTINEL_PORT_NUMBER: "26379"
+      REDIS_SENTINEL_TLS_PORT_NUMBER: "26379"
+      REDIS_SENTINEL_ACLFILE: "/acl/sentinel.acl"
+      REDIS_SENTINEL_TLS_ENABLED: "no"
+      REDIS_SENTINEL_TLS_CERT_FILE: "/tls/sentinel.pem"
+      REDIS_SENTINEL_TLS_KEY_FILE: "/tls/sentinel.key"
+      REDIS_SENTINEL_TLS_CA_FILE: "/tls/sentinel_ca.crt"
+      REDIS_SENTINEL_TLS_AUTH_CLIENTS: "no"
+      REDIS_MASTER_HOST: "bw-redis"
+      REDIS_MASTER_SET: "bw-master"
+      REDIS_MASTER_PORT_NUMBER: "6379"
+      REDIS_MASTER_PASSWORD: ""
+      ALLOW_EMPTY_PASSWORD: "yes"
+    depends_on:
+      - bw-redis
+      - bw-redis-slave
+    networks:
+      - bw-services
 
 networks:
   bw-universe:

diff --git a/tests/core/redis/entrypoint.sh b/tests/core/redis/entrypoint.sh
diff --git a/tests/core/redis/main.py b/tests/core/redis/main.py
@@ -1,7 +1,7 @@
 from fastapi import FastAPI
 from multiprocessing import Process
 from os import getenv
-from redis import Redis
+from redis import Redis, Sentinel
 from requests import get
 from selenium import webdriver
 from selenium.webdriver.firefox.options import Options
@@ -14,7 +14,7 @@
 
 fastapi_proc = None
 
-ip_to_check = "1.0.0.3" if getenv("TEST_TYPE", "docker") == "docker" else "127.0.0.1"
+ip_to_check = "1.0.0.253" if getenv("TEST_TYPE", "docker") == "docker" else "127.0.0.1"
 
 try:
     ready = False
@@ -62,20 +62,52 @@
     redis_db = int(redis_db)
 
     redis_ssl = getenv("REDIS_SSL", "no") == "yes"
+    sentinel_hosts = getenv("REDIS_SENTINEL_HOSTS", [])
 
-    print(
-        f"ℹ️ Trying to connect to Redis with the following parameters:\nhost: {redis_host}\nport: {redis_port}\ndb: {redis_db}\nssl: {redis_ssl}",
-        flush=True,
-    )
+    if isinstance(sentinel_hosts, str):
+        sentinel_hosts = [host.split(":") if ":" in host else host for host in sentinel_hosts.split(" ") if host]
 
-    redis_client = Redis(
-        host=redis_host,
-        port=redis_port,
-        db=redis_db,
-        ssl=redis_ssl,
-        socket_timeout=1,
-        ssl_cert_reqs=None,
-    )
+    if sentinel_hosts:
+        sentinel_username = getenv("REDIS_SENTINEL_USERNAME", None) or None
+        sentinel_password = getenv("REDIS_SENTINEL_PASSWORD", None) or None
+        sentinel_master = getenv("REDIS_SENTINEL_MASTER", "bw-master")
+
+        print(
+            f"ℹ️ Trying to connect to Redis Sentinel with the following parameters:\nhosts: {sentinel_hosts}\nmaster: {sentinel_master}\nssl: {redis_ssl}\nusername: {sentinel_username}\npassword: {sentinel_password}",
+            flush=True,
+        )
+        sentinel = Sentinel(sentinel_hosts, username=sentinel_username, password=sentinel_password, ssl=redis_ssl, socket_timeout=1)
+        sentinel.discover_slaves(sentinel_master)
+
+        print(
+            f"ℹ️ Trying to get a Redis Sentinel slave for master {sentinel_master} with the following parameters:\n"
+            + f"host: {redis_host}\nport: {redis_port}\ndb: {redis_db}\nssl: {redis_ssl}\nusername: {getenv('REDIS_USERNAME', None) or None}\npassword: {getenv('REDIS_PASSWORD', None) or None}",
+            flush=True,
+        )
+        redis_client = sentinel.slave_for(
+            sentinel_master,
+            db=redis_db,
+            username=getenv("REDIS_USERNAME", None) or None,
+            password=getenv("REDIS_PASSWORD", None) or None,
+            socket_timeout=1,
+        )
+    else:
+        print(
+            "ℹ️ Trying to connect to Redis with the following parameters:\n"
+            + f"host: {redis_host}\nport: {redis_port}\ndb: {redis_db}\nssl: {redis_ssl}\nusername: {getenv('REDIS_USERNAME', None) or None}\npassword: {getenv('REDIS_PASSWORD', None) or None}",
+            flush=True,
+        )
+
+        redis_client = Redis(
+            host=redis_host,
+            port=redis_port,
+            db=redis_db,
+            username=getenv("REDIS_USERNAME", None) or None,
+            password=getenv("REDIS_PASSWORD", None) or None,
+            ssl=redis_ssl,
+            socket_timeout=1,
+            ssl_cert_reqs="none",
+        )
 
     if not redis_client.ping():
         print("❌ Redis is not reachable, exiting ...", flush=True)
@@ -84,7 +116,7 @@
     use_reverse_scan = getenv("USE_REVERSE_SCAN", "no") == "yes"
 
     if use_reverse_scan:
-        if ip_to_check == "1.0.0.3":
+        if ip_to_check == "1.0.0.253":
             print("ℹ️ Testing Reverse Scan, starting FastAPI ...", flush=True)
             app = FastAPI()
             fastapi_proc = Process(target=run, args=(app,), kwargs=dict(host="0.0.0.0", port=8080))
@@ -112,7 +144,7 @@
 
         print("ℹ️ The request was blocked, checking Redis ...", flush=True)
 
-        port_to_check = "8080" if ip_to_check == "1.0.0.3" else "80"
+        port_to_check = "8080" if ip_to_check == "1.0.0.253" else "80"
 
         key_value = redis_client.get(f"plugin_reverse_scan_{ip_to_check}:{port_to_check}")
 
@@ -368,7 +400,7 @@
     #     flush=True,
     # )
 
-    # if ip_to_check == "1.0.0.3":
+    # if ip_to_check == "1.0.0.253":
     #     print(
     #         "ℹ️ Checking if the dnsbl keys were created ...",
     #         flush=True,