valitydev/riak_test
14
0
Fork 0
mirror of https://github.com/valitydev/riak_test.git synced 2024-11-06 16:45:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
ab014b13f0
riak_test/tests/replication2_ssl.erl

391 lines
15 KiB
Erlang
Raw Normal View History

Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
%% -------------------------------------------------------------------
%%
%% Copyright (c) 2012-2015 Basho Technologies, Inc.
%%
%% This file is provided to you under the Apache License,
%% Version 2.0 (the "License"); you may not use this file
%% except in compliance with the License. You may obtain
%% a copy of the License at
%%
%% http://www.apache.org/licenses/LICENSE-2.0
%%
%% Unless required by applicable law or agreed to in writing,
%% software distributed under the License is distributed on an
%% "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
%% KIND, either express or implied. See the License for the
%% specific language governing permissions and limitations
%% under the License.
%%
%% -------------------------------------------------------------------
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
-module(replication2_ssl).
-behavior(riak_test).
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
-export([confirm/0]).
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
-include_lib("eunit/include/eunit.hrl").
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
%% Certificate Names
-define(DEF_DOM, ".basho.com").
-define(DOM_WC, "*" ++ ?DEF_DOM).
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
-define(BAD_WC, "*.bahso.com").
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
-define(CERTN(S), S ++ ?DEF_DOM).
-define(SITEN(N), ?CERTN("site" ++ ??N)).
-define(CERTP(S), filename:join(CertDir, S)).
%% Certificate Information
-record(ci, {
cn, %% common name of the certificate
rd = 0, %% required ssl_depth
wc = ?DOM_WC, %% acceptable *.domain wildcard
ssl %% options returned from ssl_paths
}).
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
%%
%% @doc Tests various TLS (SSL) connection scenarios for MDC.
%% The following configiration options are recognized:
%%
%% num_nodes [default 6]
%% How many nodes to use to build two clusters.
%%
%% cluster_a_size [default (num_nodes div 2)]
%% How many nodes to use in cluster "A". The remainder is used in cluster "B".
%%
%% conn_fail_time [default rt_max_wait_time]
%% A (presumably shortened) timout to use in tests where the connection is
%% expected to be rejected due to invalid TLS configurations. Something around
%% one minute is appropriate. Using the default ten-minute timeout, this
%% test will take more than an hour and a half to run successfully.
%%
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
confirm() ->
Disable allow_mult for SSL tests
2014-01-08 17:07:32 +00:00
%% test requires allow_mult=false
Fix typo true -> false
2014-01-19 18:00:21 +00:00
rt:set_conf(all, [{"buckets.default.allow_mult", "false"}]),
Disable allow_mult for SSL tests
2014-01-08 17:07:32 +00:00
refactored config and local into separate modules
2013-04-26 15:02:23 +00:00
NumNodes = rt_config:get(num_nodes, 6),
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
ClusterASize = rt_config:get(cluster_a_size, (NumNodes div 2)),
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
Switch all the selfsigned certificates to be generated on demand Using the make_cert tool we can generate arbitrary certificate chains on demand, so they never have to be regenerated.
2014-05-09 18:46:52 +00:00
CertDir = rt_config:get(rt_scratch_dir) ++ "/certs",
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
%% make some CAs
make_certs:rootCA(CertDir, "CA_0"),
make_certs:intermediateCA(CertDir, "CA_1", "CA_0"),
make_certs:intermediateCA(CertDir, "CA_2", "CA_1"),
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
%% make a bunch of certificates and matching ci records
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
S1Name = ?SITEN(1),
S2Name = ?SITEN(2),
S3Name = ?SITEN(3),
S4Name = ?SITEN(4),
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
S5Name = ?SITEN(5),
S6Name = ?SITEN(6),
W1Name = ?CERTN("wildcard1"),
W2Name = ?CERTN("wildcard2"),
make_certs:endusers(CertDir, "CA_0", [S1Name, S2Name]),
CIdep0s1 = #ci{cn = S1Name, rd = 0, ssl = ssl_paths(?CERTP(S1Name))},
CIdep0s2 = #ci{cn = S2Name, rd = 0, ssl = ssl_paths(?CERTP(S2Name))},
make_certs:endusers(CertDir, "CA_1", [S3Name, S4Name]),
CIdep1s1 = #ci{cn = S3Name, rd = 1, ssl = ssl_paths(?CERTP(S3Name))},
CIdep1s2 = #ci{cn = S4Name, rd = 1, ssl = ssl_paths(?CERTP(S4Name))},
make_certs:endusers(CertDir, "CA_2", [S5Name, S6Name]),
CIdep2s1 = #ci{cn = S5Name, rd = 2, ssl = ssl_paths(?CERTP(S5Name))},
CIdep2s2 = #ci{cn = S6Name, rd = 2, ssl = ssl_paths(?CERTP(S6Name))},
make_certs:enduser(CertDir, "CA_1", ?DOM_WC, W1Name),
CIdep1wc = #ci{cn = ?DOM_WC, rd = 1, ssl = ssl_paths(?CERTP(W1Name))},
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
make_certs:enduser(CertDir, "CA_2", ?DOM_WC, W2Name),
CIdep2wc = #ci{cn = ?DOM_WC, rd = 2, ssl = ssl_paths(?CERTP(W2Name))},
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
% crufty old certs really need to be replaced
CIexpired = #ci{cn = "ny.cataclysm-software.net", rd = 0,
wc = "*.cataclysm-software.net", ssl = ssl_paths(
filename:join([rt:priv_dir(), "certs", "cacert.org"]),
"ny-cert-old.pem", "ny-key.pem", "ca")},
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
lager:info("Deploy ~p nodes", [NumNodes]),
Better support for wildcard certificates: - Update make_certs to support wildcard certificates by passing an additional Path parameter. - add replication2_ssl test to ensure using wildcard certificates works after PR to riak_core_ssl_util.
2015-02-11 21:27:39 +00:00
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
ConfRepl = {riak_repl,
[{fullsync_on_connect, false}, {fullsync_interval, disabled}]},
ConfTcpBasic = [ConfRepl, {riak_core, [{ssl_enabled, false}]}],
%%
%% !!! IMPORTANT !!!
%% Properties added to node configurations CANNOT currently be removed,
%% only overwritten. As such, configurations that include ACLs MUST come
%% after ALL non-ACL configurations! This has been learned the hard way :(
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
%% The same applies to the ssl_depth option, though it's much easier to
%% contend with - make sure it works, then always use a valid depth.
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
%%
%%
%% Connection Test descriptors
%% Each is a tuple: {Description, Node1Config, Node2Config, Should Pass}
%%
SslConnTests = [
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
%%
%% basic tests
%%
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
{"non-SSL peer fails",
[ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
] ++ CIdep0s1#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
ConfTcpBasic,
false},
{"non-SSL local fails",
ConfTcpBasic,
[ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
] ++ CIdep0s2#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
false},
{"basic SSL connectivity",
[ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
] ++ CIdep0s1#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
] ++ CIdep0s2#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
true},
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
{"expired peer certificate fails",
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
] ++ CIdep0s1#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
] ++ CIexpired#ci.ssl }],
false},
{"expired local certificate fails",
[ConfRepl, {riak_core, [{ssl_enabled, true}
] ++ CIexpired#ci.ssl }],
[ConfRepl, {riak_core, [{ssl_enabled, true}
] ++ CIdep0s2#ci.ssl }],
false},
{"identical certificate CN is disallowed",
[ConfRepl, {riak_core, [{ssl_enabled, true}
] ++ CIdep0s1#ci.ssl }],
[ConfRepl, {riak_core, [{ssl_enabled, true}
] ++ CIdep0s1#ci.ssl }],
false},
{"identical wildcard certificate CN is allowed",
[ConfRepl, {riak_core, [{ssl_enabled, true}
] ++ CIdep1wc#ci.ssl }],
[ConfRepl, {riak_core, [{ssl_enabled, true}
] ++ CIdep1wc#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
true},
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
{"SSL connectivity with one intermediate CA is allowed by default",
[ConfRepl, {riak_core, [{ssl_enabled, true}
] ++ CIdep1s1#ci.ssl }],
[ConfRepl, {riak_core, [{ssl_enabled, true}
] ++ CIdep1s2#ci.ssl }],
true},
{"SSL connectivity with two intermediate CAs is disallowed by default",
[ConfRepl, {riak_core, [{ssl_enabled, true}
] ++ CIdep2s1#ci.ssl }],
[ConfRepl, {riak_core, [{ssl_enabled, true}
] ++ CIdep2s2#ci.ssl }],
false},
{"wildcard certificates on both ends",
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
] ++ CIdep1wc#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
] ++ CIdep1wc#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
true},
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
{"wildcard certificate on one end",
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
] ++ CIdep1wc#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
] ++ CIdep0s1#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
true},
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
%%
%% first use of ssl_depth, all subsequent tests must specify
%%
{"disallowing intermediate CA setting allows direct-signed certs",
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[ConfRepl, {riak_core, [{ssl_enabled, true}
, {ssl_depth, 0}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
] ++ CIdep0s1#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[ConfRepl, {riak_core, [{ssl_enabled, true}
, {ssl_depth, 0}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
] ++ CIdep0s2#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
true},
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
{"disallowing intermediate CA disallows intermediate-signed peer",
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[ConfRepl, {riak_core, [{ssl_enabled, true}
, {ssl_depth, 0}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
] ++ CIdep0s1#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
, {ssl_depth, CIdep0s1#ci.rd}
] ++ CIdep1s2#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
false},
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
{"disallowing intermediate CA disallows intermediate-signed local",
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
, {ssl_depth, CIdep0s2#ci.rd}
] ++ CIdep1s1#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
, {ssl_depth, 0}
] ++ CIdep0s2#ci.ssl }],
false},
{"allow arbitrary-depth intermediate CAs",
[ConfRepl, {riak_core, [{ssl_enabled, true}
, {ssl_depth, CIdep2s2#ci.rd}
] ++ CIdep2s1#ci.ssl }],
[ConfRepl, {riak_core, [{ssl_enabled, true}
, {ssl_depth, CIdep2s1#ci.rd}
] ++ CIdep2s2#ci.ssl }],
true},
%%
%% first use of peer_common_name_acl, all subsequent tests must specify
%%
{"wildcard certificate on one end with matching ACL",
[ConfRepl, {riak_core, [{ssl_enabled, true}
, {ssl_depth, CIdep1s1#ci.rd}
] ++ CIdep1wc#ci.ssl }],
[ConfRepl, {riak_core, [{ssl_enabled, true}
, {ssl_depth, CIdep1wc#ci.rd}
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
, {peer_common_name_acl, [?DOM_WC]}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
] ++ CIdep1s1#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
true},
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
{"wildcard certificate on one end with mismatched ACL",
[ConfRepl, {riak_core, [{ssl_enabled, true}
, {ssl_depth, CIdep1s1#ci.rd}
] ++ CIdep1wc#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
, {ssl_depth, CIdep1wc#ci.rd}
, {peer_common_name_acl, [?BAD_WC]}
] ++ CIdep1s1#ci.ssl }],
false},
{"one wildcard ACL and one strict ACL",
[ConfRepl, {riak_core, [{ssl_enabled, true}
, {ssl_depth, CIdep1s2#ci.rd}
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
, {peer_common_name_acl, [?DOM_WC]}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
] ++ CIdep1s1#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
, {ssl_depth, CIdep1s1#ci.rd}
, {peer_common_name_acl, [CIdep1s1#ci.cn]}
] ++ CIdep1s2#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
true},
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
{"wildcard certificates on both ends with ACLs",
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
, {ssl_depth, CIdep2wc#ci.rd}
, {peer_common_name_acl, [CIdep2wc#ci.wc]}
] ++ CIdep1wc#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
, {ssl_depth, CIdep1wc#ci.rd}
, {peer_common_name_acl, [CIdep1wc#ci.wc]}
] ++ CIdep2wc#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
true},
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
{"explicit certificates with strict ACLs",
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
, {ssl_depth, CIdep2s2#ci.rd}
, {peer_common_name_acl, [CIdep2s2#ci.cn]}
] ++ CIdep1s1#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
, {ssl_depth, CIdep1s1#ci.rd}
, {peer_common_name_acl, [CIdep1s1#ci.cn]}
] ++ CIdep2s2#ci.ssl }],
true}
Address review comments & add more tests - Change Path -> DirName in make_certs - Added both more basic and more advanced tests with wildcard certs
2015-02-12 13:35:04 +00:00
],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
lager:info("Deploying 2 nodes for connectivity tests"),
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[Node1, Node2] = rt:deploy_nodes(2, ConfTcpBasic, [riak_kv, riak_repl]),
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
repl_util:name_cluster(Node1, "A"),
repl_util:name_cluster(Node2, "B"),
%% we'll need to wait for cluster names before continuing
rt:wait_until_ring_converged([Node1]),
rt:wait_until_ring_converged([Node2]),
Change replication SSL ACL tests to avoid certificate expiration Change the ACL test case in the replication_ssl and replication2_ssl tests to use certificates generated within the tests instead of relying on certificates created outside the test that are prone to expire and cause spurious test failure. Also change the replication_ssl and replication2_ssl tests to avoid a cycle of standing up the test clusters and then immediately restarting them before any tests cases execute. This should make the test execution slightly faster for both test modules. This commit also changes the tests to be a bit more robust in checking for cluster state when restarting nodes and removes an unnecessary five second sleep call in the replication_ssl test.
2014-07-15 17:45:46 +00:00
rt:wait_for_service(Node1, [riak_kv, riak_repl]),
rt:wait_for_service(Node2, [riak_kv, riak_repl]),
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
lager:info("=== Testing basic connectivity"),
rt:log_to_nodes([Node1, Node2], "Testing basic connectivity"),
Change replication SSL ACL tests to avoid certificate expiration Change the ACL test case in the replication_ssl and replication2_ssl tests to use certificates generated within the tests instead of relying on certificates created outside the test that are prone to expire and cause spurious test failure. Also change the replication_ssl and replication2_ssl tests to avoid a cycle of standing up the test clusters and then immediately restarting them before any tests cases execute. This should make the test execution slightly faster for both test modules. This commit also changes the tests to be a bit more robust in checking for cluster state when restarting nodes and removes an unnecessary five second sleep call in the replication_ssl test.
2014-07-15 17:45:46 +00:00
{ok, {_IP, Port}} = rpc:call(Node2, application, get_env,
[riak_core, cluster_mgr]),
lager:info("connect cluster A:~p to B on port ~p", [Node1, Port]),
rt:log_to_nodes([Node1, Node2], "connect A to B"),
repl_util:connect_cluster(Node1, "127.0.0.1", Port),
lager:info("Waiting for connection to B"),
?assertEqual(ok, repl_util:wait_for_connection(Node1, "B")),
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
%% run each of the SSL connectivity tests
lists:foreach(fun({Desc, Conf1, Conf2, ShouldPass}) ->
test_connection(Desc, {Node1, Conf1}, {Node2, Conf2}, ShouldPass)
end, SslConnTests),
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
lager:info("Connectivity tests passed"),
Get rid of old cluster connection
2013-04-02 03:29:08 +00:00
repl_util:disconnect_cluster(Node1, "B"),
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
lager:info("Re-deploying 6 nodes"),
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
Nodes = rt:deploy_nodes(6, ConfTcpBasic, [riak_kv, riak_repl]),
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
[rt:wait_until_pingable(N) || N <- Nodes],
{ANodes, BNodes} = lists:split(ClusterASize, Nodes),
lager:info("Reconfiguring nodes with SSL options"),
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
ConfANodes = [ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
, {ssl_depth, CIdep1s2#ci.rd}
, {peer_common_name_acl, [CIdep1s2#ci.cn]}
] ++ CIdep1s1#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
ConfBNodes = [ConfRepl, {riak_core, [{ssl_enabled, true}
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
, {ssl_depth, CIdep1s1#ci.rd}
, {peer_common_name_acl, [CIdep1s1#ci.cn]}
] ++ CIdep1s2#ci.ssl }],
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
[rt:update_app_config(N, ConfANodes) || N <- ANodes],
[rt:update_app_config(N, ConfBNodes) || N <- BNodes],
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
[rt:wait_until_pingable(N) || N <- Nodes],
lager:info("Build cluster A"),
repl_util:make_cluster(ANodes),
lager:info("Build cluster B"),
repl_util:make_cluster(BNodes),
Get rid of old cluster connection
2013-04-02 03:29:08 +00:00
repl_util:disconnect_cluster(Node1, "B"),
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
replication2:replication(ANodes, BNodes, false),
pass.
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
test_connection(Desc, {N1, C1}, {N2, C2}, ShouldPass) ->
lager:info("=== Testing " ++ Desc),
rt:log_to_nodes([N1, N2], "Testing " ++ Desc),
test_connection({N1, C1}, {N2, C2}, ShouldPass).
test_connection(Left, Right, true) ->
?assertEqual(ok, test_connection(Left, Right)),
lager:info("Connection succeeded");
test_connection(Left, Right, false) ->
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
DefaultTimeout = rt_config:get(rt_max_wait_time),
ConnFailTimeout = rt_config:get(conn_fail_time, DefaultTimeout),
rt_config:set(rt_max_wait_time, ConnFailTimeout),
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
?assertMatch({fail, _}, test_connection(Left, Right)),
Fixed typos. Reordered tests to use lighter configurations. Added test for mismatched ACL. Added timeout override.
2015-03-13 11:09:05 +00:00
rt_config:set(rt_max_wait_time, DefaultTimeout),
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
lager:info("Connection rejected").
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
test_connection({Node1, Config1}, {Node2, Config2}) ->
Clean up connections between tests, so we don't get false positives
2013-04-29 18:24:03 +00:00
repl_util:disconnect_cluster(Node1, "B"),
Change replication SSL ACL tests to avoid certificate expiration Change the ACL test case in the replication_ssl and replication2_ssl tests to use certificates generated within the tests instead of relying on certificates created outside the test that are prone to expire and cause spurious test failure. Also change the replication_ssl and replication2_ssl tests to avoid a cycle of standing up the test clusters and then immediately restarting them before any tests cases execute. This should make the test execution slightly faster for both test modules. This commit also changes the tests to be a bit more robust in checking for cluster state when restarting nodes and removes an unnecessary five second sleep call in the replication_ssl test.
2014-07-15 17:45:46 +00:00
repl_util:wait_for_disconnect(Node1, "B"),
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
rt:update_app_config(Node2, Config2),
rt:wait_until_pingable(Node2),
Clean up connections between tests, so we don't get false positives
2013-04-29 18:24:03 +00:00
rt:update_app_config(Node1, Config1),
rt:wait_until_pingable(Node1),
Change replication SSL ACL tests to avoid certificate expiration Change the ACL test case in the replication_ssl and replication2_ssl tests to use certificates generated within the tests instead of relying on certificates created outside the test that are prone to expire and cause spurious test failure. Also change the replication_ssl and replication2_ssl tests to avoid a cycle of standing up the test clusters and then immediately restarting them before any tests cases execute. This should make the test execution slightly faster for both test modules. This commit also changes the tests to be a bit more robust in checking for cluster state when restarting nodes and removes an unnecessary five second sleep call in the replication_ssl test.
2014-07-15 17:45:46 +00:00
rt:wait_for_service(Node1, [riak_kv, riak_repl]),
rt:wait_for_service(Node2, [riak_kv, riak_repl]),
Clean up connections between tests, so we don't get false positives
2013-04-29 18:24:03 +00:00
{ok, {_IP, Port}} = rpc:call(Node2, application, get_env,
[riak_core, cluster_mgr]),
lager:info("connect cluster A:~p to B on port ~p", [Node1, Port]),
Make sure we wait for riak_repl service after reconfiguring nodes
2013-06-03 21:38:13 +00:00
rt:log_to_nodes([Node1, Node2], "connect A to B"),
Clean up connections between tests, so we don't get false positives
2013-04-29 18:24:03 +00:00
repl_util:connect_cluster(Node1, "127.0.0.1", Port),
Add replication2 SSL test, fix wait_for_connection Wait for connection was considering a connection *trying* to connect as a valid connection, which is wrong.
2013-04-01 19:07:36 +00:00
repl_util:wait_for_connection(Node1, "B").
Restructured how connectivity tests are configured and run [RIAK-1608]. Due to leftover configuration attributes from prior tests within this module (see RIAK-1607), the order of tests has to be managed. In order to accomplish this and be able to see exactly what configurations are used for each test, configuration blocks have been more directly associated with each connectivity test.
2015-03-12 19:07:36 +00:00
ssl_paths(Dir) ->
ssl_paths(Dir, "cert.pem", "key.pem", "cacerts.pem").
ssl_paths(Dir, Cert, Key, CaCerts) ->
[{certfile, filename:join(Dir, Cert)}
,{keyfile, filename:join(Dir, Key)}
,{cacertdir, filename:join(Dir, CaCerts)}].
Reference in New Issue Copy Permalink