Added simple SSL test

Author: rjrudin

CODEOWNERS

@@ -0,0 +1,5 @@
+# Lines starting with '#' are comments.
+# Each line is a file pattern followed by one or more owners.
+
+# These owners will be the default owners for everything in the repo.
+* @anu3990 @billfarber @rjrudin

CONTRIBUTING.md

@@ -17,3 +17,11 @@ To run the tests:
 - Run `./gradlew -i mlDeploy`
 - `cd ..`
 - Run `pytest`
+
+To run an individual test with logging to stdout:
+
+    pytest -s tests/test_search.py
+
+To run an individual test method:
+
+    pytest -s test/test_search.py::test_search

test-app/build.gradle

@@ -1,4 +1,13 @@
 plugins {
     id 'net.saliman.properties' version '1.5.2'
     id 'com.marklogic.ml-gradle' version '4.5.2'
-}
+}
+
+// Generate a temporary certificate for some simple SSL tests
+ext {
+    def command = new com.marklogic.appdeployer.command.security.GenerateTemporaryCertificateCommand()
+    command.setTemplateIdOrName("python-test-ssl-template")
+    command.setCommonName("localhost")
+    command.setValidFor(365)
+    mlAppDeployer.commands.add(command)
+}

test-app/src/main/ml-config/security/certificate-templates/template.xml

@@ -0,0 +1,17 @@
+<certificate-template-properties xmlns="http://marklogic.com/manage">
+  <template-name>python-test-ssl-template</template-name>
+  <template-description>Used for marklogic-python-client testing</template-description>
+  <key-type>rsa</key-type>
+  <key-options />
+  <req>
+    <version>0</version>
+    <subject>
+      <countryName>US</countryName>
+      <stateOrProvinceName>VA</stateOrProvinceName>
+      <localityName>McLean</localityName>
+      <organizationName>MarkLogic</organizationName>
+      <organizationalUnitName>Engineering</organizationalUnitName>
+      <emailAddress>python@marklogic.com</emailAddress>
+    </subject>
+  </req>
+</certificate-template-properties>

test-app/src/main/ml-config/security/users/python-test-user.json

@@ -0,0 +1,10 @@
+{
+    "user-name": "python-test-user",
+    "password": "password",
+    "role": [
+      "rest-reader",
+      "rest-writer",
+      "qconsole-user"
+    ]
+  }
+  

test-app/src/main/ml-config/servers/ssl-server.json

@@ -0,0 +1,16 @@
+{
+    "server-name" : "%%NAME%%-ssl",
+    "group-name" : "Default",
+    "server-type" : "http",
+    "enabled" : true,
+    "root" : "/",
+    "port" : 8031,
+    "authentication" : "digestbasic",
+    "content-database" : "%%DATABASE%%",
+    "modules-database" : "%%MODULES_DATABASE%%",
+    "ssl-certificate-template": "python-test-ssl-template",
+    "url-rewriter": "/MarkLogic/rest-api/rewriter.xml",
+    "error-handler": "/MarkLogic/rest-api/error-handler.xqy",
+    "rewrite-resolves-globally": true
+  }
+  

tests/test_search.py

@@ -2,9 +2,10 @@
 from requests.auth import HTTPDigestAuth
 
 
-def test_get_search_response_with_no_args():
+def test_search():
     response = requests.get(
-        "http://localhost:8030/v1/search", auth=HTTPDigestAuth("admin", "admin")
+        "http://localhost:8030/v1/search",
+        auth=HTTPDigestAuth("python-test-user", "password")
     )
     assert 200 == response.status_code
     assert "application/xml; charset=utf-8" == response.headers["Content-type"]

tests/test_ssl.py

@@ -0,0 +1,23 @@
+import requests
+
+
+def test_verify_false():
+    """
+    The certificate verification in requests is fairly picky; while it's possible to disable
+    hostname validation, I did not find a way to ask it to not care about self-signed certificates.
+    So for now, this is just verifying that verify=False works with a MarkLogic app server that is
+    using a self-signed certificate. In the real world, a customer would have a real certificate and
+    would configure "verify" to point to that.
+    """
+    response = requests.get(
+        "https://localhost:8031/v1/search",
+        auth=("python-test-user", "password"),
+        verify=False,
+        headers={"Accept": "application/json"},
+    )
+    assert 200 == response.status_code
+    assert "application/json; charset=utf-8" == response.headers["Content-type"]
+    data = response.json()
+    assert (
+        10 == data["page-length"]
+    ), "Just verifying that a JSON search response is returned"