gorealis v2 refactor (#5)

* Changing default timeout for start maintenance. * Upgrading dependencies to gorealis v2 and thrift 0.12.0 * Refactored to update to gorealis v2.
2018-12-27 11:31:51 -08:00 · 2018-12-27 11:31:51 -08:00 · 6ab5c9334d
commit 6ab5c9334d
parent ad4dd9606e
1335 changed files with 137431 additions and 61530 deletions
--- a/vendor/git.apache.org/thrift.git/test/features/Makefile.am
+++ b/vendor/git.apache.org/thrift.git/test/features/Makefile.am
@ -21,8 +21,10 @@ EXTRA_DIST = \
 	index.html \
 	known_failures_Linux.json \
 	Makefile.am \
+        nosslv3.sh \
 	string_limit.py \
 	tests.json \
 	theader_binary.py \
 	setup.cfg \
+        tls.sh \
 	util.py
--- a/vendor/git.apache.org/thrift.git/test/features/container_limit.py
+++ b/vendor/git.apache.org/thrift.git/test/features/container_limit.py
@ -61,7 +61,7 @@ def main(argv):
    print('[OK]: just limit')
    try:
        test_list(proto, list(range(args.limit + 1)))
-    except:
+    except Exception:
        print('[OK]: limit + 1')
    else:
        print('[ERROR]: limit + 1')
--- a/vendor/git.apache.org/thrift.git/test/features/known_failures_Linux.json
+++ b/vendor/git.apache.org/thrift.git/test/features/known_failures_Linux.json
@ -1,36 +1,50 @@
 [
-  "c_glib-limit_container_length_binary_buffered-ip",
-  "c_glib-limit_string_length_binary_buffered-ip",
-  "csharp-limit_container_length_binary_buffered-ip",
-  "csharp-limit_container_length_compact_buffered-ip",
-  "csharp-limit_string_length_binary_buffered-ip",
-  "csharp-limit_string_length_compact_buffered-ip",
-  "d-limit_container_length_binary_buffered-ip",
-  "d-limit_container_length_compact_buffered-ip",
-  "d-limit_string_length_binary_buffered-ip",
-  "d-limit_string_length_compact_buffered-ip",
-  "erl-limit_container_length_binary_buffered-ip",
-  "erl-limit_container_length_compact_buffered-ip",
-  "erl-limit_string_length_binary_buffered-ip",
-  "erl-limit_string_length_compact_buffered-ip",
-  "go-limit_container_length_binary_buffered-ip",
-  "go-limit_container_length_compact_buffered-ip",
-  "go-limit_string_length_binary_buffered-ip",
-  "go-limit_string_length_compact_buffered-ip",
-  "hs-limit_container_length_binary_buffered-ip",
-  "hs-limit_container_length_compact_buffered-ip",
-  "hs-limit_string_length_binary_buffered-ip",
-  "hs-limit_string_length_compact_buffered-ip",
-  "nodejs-limit_container_length_binary_buffered-ip",
-  "nodejs-limit_container_length_compact_buffered-ip",
-  "nodejs-limit_string_length_binary_buffered-ip",
-  "nodejs-limit_string_length_compact_buffered-ip",
-  "perl-limit_container_length_binary_buffered-ip",
-  "perl-limit_string_length_binary_buffered-ip",
-  "rb-limit_container_length_accel-binary_buffered-ip",
-  "rb-limit_container_length_binary_buffered-ip",
-  "rb-limit_container_length_compact_buffered-ip",
-  "rb-limit_string_length_accel-binary_buffered-ip",
-  "rb-limit_string_length_binary_buffered-ip",
-  "rb-limit_string_length_compact_buffered-ip"
-]
+    "c_glib-limit_container_length_binary_buffered-ip",
+    "c_glib-limit_string_length_binary_buffered-ip",
+    "cl-limit_string_length_binary_buffered-ip",
+    "cl-limit_container_length_binary_buffered-ip",
+    "cpp-theader_framed_binary_multih-header_buffered-ip",
+    "cpp-theader_framed_compact_multih-header_buffered-ip",
+    "cpp-theader_unframed_binary_multih-header_buffered-ip",
+    "cpp-theader_unframed_compact_multih-header_buffered-ip",
+    "csharp-limit_container_length_binary_buffered-ip",
+    "csharp-limit_container_length_compact_buffered-ip",
+    "csharp-limit_string_length_binary_buffered-ip",
+    "csharp-limit_string_length_compact_buffered-ip",
+    "d-limit_container_length_binary_buffered-ip",
+    "d-limit_container_length_compact_buffered-ip",
+    "d-limit_string_length_binary_buffered-ip",
+    "d-limit_string_length_compact_buffered-ip",
+    "erl-limit_container_length_binary_buffered-ip",
+    "erl-limit_container_length_compact_buffered-ip",
+    "erl-limit_string_length_binary_buffered-ip",
+    "erl-limit_string_length_compact_buffered-ip",
+    "go-limit_container_length_binary_buffered-ip",
+    "go-limit_container_length_compact_buffered-ip",
+    "go-limit_string_length_binary_buffered-ip",
+    "go-limit_string_length_compact_buffered-ip",
+    "hs-limit_container_length_binary_buffered-ip",
+    "hs-limit_container_length_compact_buffered-ip",
+    "hs-limit_string_length_binary_buffered-ip",
+    "hs-limit_string_length_compact_buffered-ip",
+    "nodejs-limit_container_length_binary_buffered-ip",
+    "nodejs-limit_container_length_compact_buffered-ip",
+    "nodejs-limit_string_length_binary_buffered-ip",
+    "nodejs-limit_string_length_compact_buffered-ip",
+    "perl-limit_container_length_binary_buffered-ip",
+    "perl-limit_string_length_binary_buffered-ip",
+    "rb-limit_container_length_accel-binary_buffered-ip",
+    "rb-limit_container_length_binary_buffered-ip",
+    "rb-limit_container_length_compact_buffered-ip",
+    "rb-limit_string_length_accel-binary_buffered-ip",
+    "rb-limit_string_length_binary_buffered-ip",
+    "rb-limit_string_length_compact_buffered-ip",
+    "rs-limit_container_length_binary_buffered-ip",
+    "rs-limit_container_length_compact_buffered-ip",
+    "rs-limit_container_length_multic-compact_buffered-ip",
+    "rs-limit_string_length_binary_buffered-ip",
+    "rs-limit_string_length_compact_buffered-ip",
+    "rs-limit_string_length_multic-compact_buffered-ip",
+    "netcore-limit_string_length_compact_buffered-ip",
+    "netcore-limit_container_length_compact_buffered-ip"
+]
--- a/vendor/git.apache.org/thrift.git/test/features/nosslv3.sh
+++ b/vendor/git.apache.org/thrift.git/test/features/nosslv3.sh
@ -0,0 +1,59 @@
+#!/bin/bash
+
+#
+# Checks to make sure SSLv3 is not allowed by a server.
+#
+
+THRIFTHOST=localhost
+THRIFTPORT=9090
+
+while [[ $# -ge 1 ]]; do
+  arg="$1"
+  argIN=(${arg//=/ })
+
+  case ${argIN[0]} in
+    -h|--host)
+    THRIFTHOST=${argIN[1]}
+    shift # past argument
+    ;;
+    -p|--port)
+    THRIFTPORT=${argIN[1]}
+    shift # past argument
+    ;;
+    *)
+          # unknown option ignored
+    ;;
+  esac
+
+  shift   # past argument or value
+done
+
+function nosslv3
+{
+  local nego
+  local negodenied
+  local opensslv
+
+  opensslv=$(openssl version | cut -d' ' -f2)
+  if [[ $opensslv > "1.0" ]]; then
+    echo "[pass] OpenSSL 1.1 or later - no need to check ssl3"
+    return 0
+  fi
+
+  # echo "openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -ssl3 2>&1 < /dev/null"
+  nego=$(openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -ssl3 2>&1 < /dev/null)
+  negodenied=$?
+
+  if [[ $negodenied -ne 0 ]]; then
+    echo "[pass] SSLv3 negotiation disabled"
+    echo $nego
+    return 0
+  fi
+
+  echo "[fail] SSLv3 negotiation enabled!  stdout:"
+  echo $nego
+  return 1
+}
+
+nosslv3
+exit $?
--- a/vendor/git.apache.org/thrift.git/test/features/string_limit.py
+++ b/vendor/git.apache.org/thrift.git/test/features/string_limit.py
@ -51,11 +51,12 @@ def main(argv):
    print('[OK]: just limit')
    try:
        test_string(proto, 'a' * (args.limit + 1))
-    except:
+    except Exception:
        print('[OK]: limit + 1')
    else:
        print('[ERROR]: limit + 1')
        assert False

+
 if __name__ == '__main__':
    main(sys.argv[1:])
--- a/vendor/git.apache.org/thrift.git/test/features/tests.json
+++ b/vendor/git.apache.org/thrift.git/test/features/tests.json
@ -66,7 +66,6 @@
      "--string-limit=50"
    ],
    "protocols": [
-      "binary",
      "compact"
    ],
    "transports": ["buffered"],
@ -84,11 +83,32 @@
      "--container-limit=50"
    ],
    "protocols": [
-      "binary",
      "compact"
    ],
    "transports": ["buffered"],
    "sockets": ["ip"],
    "workdir": "features"
+  },
+  {
+    "name": "nosslv3",
+    "comment": "check to make sure SSLv3 is not supported",
+    "command": [
+      "nosslv3.sh"
+    ],
+    "protocols": ["binary"],
+    "transports": ["buffered"],
+    "sockets": ["ip-ssl"],
+    "workdir": "features"
+  },
+  {
+    "name": "tls",
+    "comment": "check to make sure TLSv1.0 or later is supported",
+    "command": [
+      "tls.sh"
+    ],
+    "protocols": ["binary"],
+    "transports": ["buffered"],
+    "sockets": ["ip-ssl"],
+    "workdir": "features"
  }
 ]
--- a/vendor/git.apache.org/thrift.git/test/features/tls.sh
+++ b/vendor/git.apache.org/thrift.git/test/features/tls.sh
@ -0,0 +1,71 @@
+#!/bin/bash
+
+#
+# Checks to make sure TLSv1.0 or later is allowed by a server.
+#
+
+THRIFTHOST=localhost
+THRIFTPORT=9090
+
+while [[ $# -ge 1 ]]; do
+  arg="$1"
+  argIN=(${arg//=/ })
+
+  case ${argIN[0]} in
+    -h|--host)
+    THRIFTHOST=${argIN[1]}
+    shift # past argument
+    ;;
+    -p|--port)
+    THRIFTPORT=${argIN[1]}
+    shift # past argument
+    ;;
+    *)
+          # unknown option ignored
+    ;;
+  esac
+
+  shift   # past argument or value
+done
+
+declare -A EXPECT_NEGOTIATE
+EXPECT_NEGOTIATE[tls1]=1
+EXPECT_NEGOTIATE[tls1_1]=1
+EXPECT_NEGOTIATE[tls1_2]=1
+
+failures=0
+
+function tls
+{
+  for PROTO in "${!EXPECT_NEGOTIATE[@]}"; do
+
+    local nego
+    local negodenied
+    local res
+
+    echo "openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -$PROTO 2>&1 < /dev/null"
+    nego=$(openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -$PROTO 2>&1 < /dev/null)
+    negodenied=$?
+    echo "result of command: $negodenied"
+
+    res="enabled"; if [[ ${EXPECT_NEGOTIATE[$PROTO]} -eq 0 ]]; then res="disabled"; fi
+
+    if [[ $negodenied -ne ${EXPECT_NEGOTIATE[$PROTO]} ]]; then
+      echo "$PROTO negotiation allowed"
+    else
+      echo "[warn] $PROTO negotiation did not work"
+      echo $nego
+      ((failures++))
+    fi
+  done
+}
+
+tls
+
+if [[ $failures -eq 3 ]]; then
+  echo "[fail] At least one of TLSv1.0, TLSv1.1, or TLSv1.2 needs to work, but does not"
+  exit $failures
+fi
+
+echo "[pass] At least one of TLSv1.0, TLSv1.1, or TLSv1.2 worked"
+exit 0