commit 5889d798326775f8c86cb084bfedceb1f3333420
author Malik Akbar Hashemi Rafsanjani <malikrafsan@meta.com> Wed Aug 13 08:04:02 2025 -0700
committer Malik Akbar Hashemi Rafsanjani <malikrafsan@meta.com> Wed Aug 13 15:36:59 2025 +0000
tree 1fcc96515bf455d24bb7e968f3d4423919222bb7
parent 2e3cdf87e73e50ddf2d4b915089d0598a45815ee

add integration testing for auth using http2

with this commit, we will make the integration testing of
`generate_auth_certificate` to use http2 by default

this is aligned with previous commit to enable http2 for mutual TLS

Change-Id: I79bb95ef1ad3aaa597900c122372a06d205386f2
Signed-off-by: Malik Akbar Hashemi Rafsanjani <malikrafsan@meta.com>

scripts/generate_auth_certificates.py

diff --git a/scripts/generate_auth_certificates.py b/scripts/generate_auth_certificates.py
index 1cba464..7bc9f7e 100755
--- a/scripts/generate_auth_certificates.py
+++ b/scripts/generate_auth_certificates.py
@@ -382,7 +382,7 @@
         f.write(p12)
 
 
-def test_mtls_auth(url, certs_dir):
+def test_mtls_auth(url, certs_dir, use_http2):
     with httpx.Client(
         base_url=f"https://{url}",
         verify=os.path.join(certs_dir, "CA-cert.cer"),
@@ -390,6 +390,7 @@
             os.path.join(certs_dir, "client-cert.pem"),
             os.path.join(certs_dir, "client-key.pem"),
         ),
+        http2=use_http2,
     ) as client:
         print("Testing mTLS auth with CommonName")
         response = client.get(
@@ -418,6 +419,7 @@
             os.path.join(certs_dir, "upn-client-cert.pem"),
             os.path.join(certs_dir, "upn-client-key.pem"),
         ),
+        http2=use_http2,
     ) as client:
         print("Retesting mTLS auth with UPN")
         response = client.get(
@@ -561,7 +563,9 @@
     return private_key, intermediate_cert
 
 
-def generate_and_load_certs(url, username, password, use_intermediate=False):
+def generate_and_load_certs(
+    url, username, password, use_http2, use_intermediate=False
+):
     certs_dir = os.path.expanduser("~/certs")
     print(f"Writing certs to {certs_dir}")
     try:
@@ -655,7 +659,10 @@
 
     print(f"Connecting to {url}")
     with httpx.Client(
-        base_url=f"https://{url}", verify=False, follow_redirects=False
+        base_url=f"https://{url}",
+        verify=False,
+        follow_redirects=False,
+        http2=use_http2,
     ) as redfish_session:
         with RedfishSessionContext(
             redfish_session, username, password
@@ -704,7 +711,7 @@
 
     print("Testing redfish TLS authentication with generated certs.")
     time.sleep(2)
-    test_mtls_auth(url, certs_dir)
+    test_mtls_auth(url, certs_dir, use_http2)
     print("Redfish TLS authentication success!")
 
 
@@ -726,11 +733,21 @@
         default=False,
         help="Generate and use an intermediate certificate",
     )
+    parser.add_argument(
+        "--no-http2",
+        action="store_true",
+        default=False,
+        help="Disable HTTP2 for testing",
+    )
     parser.add_argument("host", help="Host to connect to")
 
     args = parser.parse_args()
     generate_and_load_certs(
-        args.host, args.username, args.password, args.use_intermediate
+        args.host,
+        args.username,
+        args.password,
+        not args.no_http2,
+        args.use_intermediate,
     )