interop_test_runner: use Python 3, improve wait logic

'python2' does not exist on macOS, it is called 'python2.7'. Porting to
Python 3 is however more future-proof so do that instead. Rename the
file such that it can be run with pytest.

Tests are run sequentially, do not wait three seconds for every server
and instead speed it up by checking for listening services. Do not
listen on a fixed host port and use a random port instead. Otherwise
tests could fail if something is listening on those ports.

Author: Lekensteyn

.travis.yml

@@ -1,3 +1,4 @@
+dist: xenial
 language: go
 
 matrix:
@@ -28,7 +29,10 @@ before_install:
   - make -f _dev/Makefile fmtcheck
 
 install:
-  - if [[ "$TRAVIS_OS_NAME" == "linux" ]] && [[ "$TEST_SUITE" != "test-unit" ]]; then sudo pip install docker; fi
+  - |
+    if [[ "$TRAVIS_OS_NAME" == "linux" ]] && [[ "$TEST_SUITE" != "test-unit" ]]; then
+      sudo apt-get install -y python3-pip && sudo pip3 install docker
+    fi
 
 script:
   # Travis does not support Docker on macOS, disable it in the build-all target.

_dev/Makefile

@@ -135,7 +135,7 @@ test-bogo:
 	$(DOCKER) run --rm -v $(PRJ_DIR):$(BOGO_DOCKER_TRIS_LOCATION) tls-tris:bogo
 
 test-interop:
-	$(DEV_DIR)/interop_test_runner -v
+	$(DEV_DIR)/interop_test_runner.py -v
 
 ###############
 #

_dev/interop_test_runner renamed to _dev/interop_test_runner.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python3
 
 import docker
 import unittest
@@ -8,13 +8,13 @@
 # Regex patterns used for testing
 
 # Checks if TLS 1.3 was negotiated
-RE_PATTERN_HELLO_TLS_13_NORESUME = "^.*Hello TLS 1.3 \(draft .*\) _o/$|^.*Hello TLS 1.3 _o/$"
+RE_PATTERN_HELLO_TLS_13_NORESUME = r"^.*Hello TLS 1.3 \(draft .*\) _o/$|^.*Hello TLS 1.3 _o/$"
 # Checks if TLS 1.3 was resumed
-RE_PATTERN_HELLO_TLS_13_RESUME   = "Hello TLS 1.3 \[resumed\] _o/"
+RE_PATTERN_HELLO_TLS_13_RESUME   = r"Hello TLS 1.3 \[resumed\] _o/"
 # Checks if 0-RTT was used and NOT confirmed
-RE_PATTERN_HELLO_0RTT            = "^.*Hello TLS 1.3 .*\[resumed\] \[0-RTT\] _o/$"
+RE_PATTERN_HELLO_0RTT            = r"^.*Hello TLS 1.3 .*\[resumed\] \[0-RTT\] _o/$"
 # Checks if 0-RTT was used and confirmed
-RE_PATTERN_HELLO_0RTT_CONFIRMED  = "^.*Hello TLS 1.3 .*\[resumed\] \[0-RTT confirmed\] _o/$"
+RE_PATTERN_HELLO_0RTT_CONFIRMED  = r"^.*Hello TLS 1.3 .*\[resumed\] \[0-RTT confirmed\] _o/$"
 # ALPN
 RE_PATTERN_ALPN = "ALPN protocol: npn_proto$"
 # Successful TLS establishement from TRIS
@@ -27,27 +27,47 @@ class Docker(object):
     def __init__(self):
         self.d = docker.from_env()
 
+    def close(self):
+        self.d.close()
+
     def get_ip(self, server):
         tris_localserver_container = self.d.containers.get(server)
         return tris_localserver_container.attrs['NetworkSettings']['IPAddress']
 
     def run_client(self, image_name, cmd):
         ''' Runs client and returns tuple (status_code, logs) '''
-        c = self.d.containers.create(image=image_name, command=cmd)
-        c.start()
+        c = self.d.containers.run(image=image_name, detach=True, command=cmd)
         res = c.wait()
-        ret = c.logs()
+        ret = c.logs().decode('utf8')
         c.remove()
         return (res['StatusCode'], ret)
 
     def run_server(self, image_name, cmd=None, ports=None, entrypoint=None):
         ''' Starts server and returns docker container '''
-        c = self.d.containers.create(image=image_name, detach=True, command=cmd, ports=ports, entrypoint=entrypoint)
-        c.start()
-        # TODO: maybe can be done better?
-        time.sleep(3)
+        c = self.d.containers.run(image=image_name, auto_remove=True, detach=True, command=cmd, ports=ports, entrypoint=entrypoint)
+        self.wait_for_ports(c)
         return c
 
+    def wait_for_ports(self, c):
+        ''' Waits until all services from the image are ready. '''
+        check_ports = set(int(portproto.split('/')[0]) for portproto in c.attrs['NetworkSettings']['Ports'])
+        for i in range(0, 100):
+            # 'ss -Htln' is the modern form, but boringssl image only includes
+            # netstat (via busybox).
+            info = c.exec_run('sh -c "ss -Htln 2>/dev/null || netstat -tln"')
+            if info.exit_code != 0:
+                print('Unable to check for open ports, sleeping for a fixed time')
+                time.sleep(3)
+                return
+            tcp_listen_info = [line for line in info.output.decode('utf8').splitlines() if 'LISTEN' in line]
+            if tcp_listen_info:
+                tcp_ports = set(int(line.split()[3].split(':')[-1]) for line in tcp_listen_info)
+                check_ports -= tcp_ports
+            if not check_ports:
+                return
+            time.sleep(.1)
+        print('WARNING: services from %s are not ready, missing %s' % (c.image. check_ports))
+
 class RegexSelfTest(unittest.TestCase):
     ''' Ensures that those regexe's actually work '''
 
@@ -100,7 +120,7 @@ def setUpClass(self):
     @classmethod
     def tearDownClass(self):
         self.server.kill()
-        self.server.remove()
+        self.d.close()
 
     @property
     def server_ip(self):
@@ -195,13 +215,13 @@ def setUpClass(self):
         self.d = Docker()
         self.server = self.d.run_server(
                             self.SERVER_NAME,
-                            ports={ '1443/tcp': 1443, '2443/tcp': 2443, '6443/tcp': 6443, '7443/tcp': 7443},
+                            ports={ '1443/tcp': None, '2443/tcp': None, '6443/tcp': None, '7443/tcp': None},
                             entrypoint="/server.sh")
 
     @classmethod
     def tearDownClass(self):
         self.server.kill()
-        self.server.remove()
+        self.d.close()
 
     @property
     def server_ip(self):