ansys-saf-testing 0.11.dev0__py3-none-any.whl

ansys/saf/testing/__init__.py

@@ -0,0 +1,22 @@
+# Copyright (C) 2026 ANSYS, Inc. and/or its affiliates.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+try:
+    import importlib.metadata as importlib_metadata
+except ModuleNotFoundError:
+    import importlib_metadata  # type: ignore
+
+__version__ = importlib_metadata.version(f"{__name__.replace('.', '-')}")  # type: ignore

ansys/saf/testing/_common/__init__.py

@@ -0,0 +1,14 @@
+# Copyright (C) 2026 ANSYS, Inc. and/or its affiliates.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.

ansys/saf/testing/_common/common.py

@@ -0,0 +1,46 @@
+# Copyright (C) 2026 ANSYS, Inc. and/or its affiliates.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from collections.abc import Generator
+from importlib.util import find_spec
+from pathlib import Path
+import platform
+from typing import TypeVar
+
+F = TypeVar("F")
+YieldFixture = Generator[F, None, None]
+
+
+def find_exec_in_venv(venv_parent_dir: Path, exec_name: str, verify: bool = True) -> Path:
+    if platform.system() == "Windows":
+        exec_path = venv_parent_dir / ".venv" / "Scripts" / f"{exec_name}.exe"
+        if verify and not exec_path.is_file():
+            exec_path = venv_parent_dir / ".venv" / "Scripts" / f"{exec_name}.cmd"
+    else:
+        exec_path = venv_parent_dir / ".venv" / "bin" / exec_name
+    if verify and not exec_path.is_file():
+        raise FileNotFoundError(f"Executable {exec_name} not found in {venv_parent_dir}")
+    return exec_path
+
+
+def has_modules_installed(modules: list[str]) -> bool:
+    """Return True if all modules in the list are importable via find_spec."""
+    for module in modules:
+        try:
+            if find_spec(module) is None:
+                return False
+        except (ImportError, ModuleNotFoundError):
+            return False
+    return True

ansys/saf/testing/_common/directories.py

@@ -0,0 +1,56 @@
+# Copyright (C) 2026 ANSYS, Inc. and/or its affiliates.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+from pathlib import Path
+
+import pytest
+
+from ansys.saf.testing._common.common import YieldFixture
+
+
+@pytest.fixture
+def mock_appdata(monkeypatch: pytest.MonkeyPatch, tmp_path: Path) -> Path:
+    appdata = tmp_path / "appdata"
+    appdata.mkdir(exist_ok=True, parents=True)
+    monkeypatch.setenv("APPDATA", str(appdata))
+    monkeypatch.setenv("XDG_DATA_HOME", str(appdata))
+    return appdata
+
+
+@pytest.fixture(scope="module")
+def mock_module_appdata(tmp_path_factory: pytest.TempPathFactory, monkeysession: pytest.MonkeyPatch) -> Path:
+    appdata = tmp_path_factory.mktemp("appdata")
+    monkeysession.setenv("APPDATA", str(appdata))
+    monkeysession.setenv("XDG_DATA_HOME", str(appdata))
+    return appdata
+
+
+@pytest.fixture(scope="session")
+def mock_session_appdata(tmp_path_factory: pytest.TempPathFactory, monkeysession: pytest.MonkeyPatch) -> Path:
+    appdata = tmp_path_factory.mktemp("appdata")
+    monkeysession.setenv("APPDATA", str(appdata))
+    monkeysession.setenv("XDG_DATA_HOME", str(appdata))
+    return appdata
+
+
+@pytest.fixture
+def tmp_path_as_working_dir(tmp_path: Path, request: pytest.FixtureRequest) -> YieldFixture[Path]:
+    new_cwd = tmp_path if not hasattr(request, "param") else tmp_path / request.param
+    new_cwd.mkdir(exist_ok=True, parents=True)
+    original_path = Path.cwd()
+    os.chdir(new_cwd)
+    yield new_cwd
+    os.chdir(original_path)

ansys/saf/testing/_common/grpc_certificates.py

@@ -0,0 +1,391 @@
+# Copyright (C) 2026 ANSYS, Inc. and/or its affiliates.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+Create certificates for gRPC mutual TLS testing.
+This module can generate a complete set of certificates including:
+- Certificate Authority (CA) key and certificate
+- Server key and certificate(s) (signed by CA)
+- Client key and certificate (signed by CA)
+"""
+
+from datetime import datetime, timedelta, timezone
+import ipaddress
+import logging
+from pathlib import Path
+from typing import Any
+
+from cryptography import x509
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID
+
+_logger = logging.getLogger(__name__)
+
+
+def generate_private_key(key_size: int = 4096) -> rsa.RSAPrivateKey:
+    """
+    Generate an RSA private key.
+    Parameters
+    ----------
+    key_size : int, optional
+        Size of the RSA key in bits, by default 4096
+    Returns
+    -------
+    rsa.RSAPrivateKey
+        Generated RSA private key
+    """
+    return rsa.generate_private_key(
+        public_exponent=65537,
+        key_size=key_size,
+    )
+
+
+def save_private_key(key: rsa.RSAPrivateKey, filename: Path) -> None:
+    """
+    Save a private key to a PEM file.
+    Parameters
+    ----------
+    key : rsa.RSAPrivateKey
+        The private key to save
+    filename : str
+        Path to the output file
+    """
+    filename.write_bytes(
+        key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.PKCS8,
+            encryption_algorithm=serialization.NoEncryption(),
+        ),
+    )
+
+
+def save_certificate(cert: x509.Certificate, filename: Path) -> None:
+    """
+    Save a certificate to a PEM file.
+    Parameters
+    ----------
+    cert : x509.Certificate
+        The certificate to save
+    filename : str
+        Path to the output file
+    """
+    filename.write_bytes(cert.public_bytes(serialization.Encoding.PEM))
+
+
+def create_ca_certificate(ca_key: rsa.RSAPrivateKey, validity_days: int) -> x509.Certificate:
+    """
+    Create a self-signed CA certificate.
+    Parameters
+    ----------
+    ca_key : rsa.RSAPrivateKey
+        The private key for the CA certificate
+    validity_days : int
+        Number of days the certificate should be valid
+    Returns
+    -------
+    x509.Certificate
+        Self-signed CA certificate with appropriate extensions for certificate signing
+    """
+    subject = issuer = x509.Name(
+        [
+            x509.NameAttribute(NameOID.COMMON_NAME, "Test CA"),
+        ],
+    )
+
+    cert = (
+        x509.CertificateBuilder()
+        .subject_name(subject)
+        .issuer_name(issuer)
+        .public_key(ca_key.public_key())
+        .serial_number(x509.random_serial_number())
+        .not_valid_before(datetime.now(timezone.utc))
+        .not_valid_after(datetime.now(timezone.utc) + timedelta(days=validity_days))
+        .add_extension(
+            x509.BasicConstraints(ca=True, path_length=None),
+            critical=True,
+        )
+        .add_extension(
+            x509.KeyUsage(
+                digital_signature=True,
+                key_cert_sign=True,
+                crl_sign=True,
+                key_encipherment=False,
+                data_encipherment=False,
+                key_agreement=False,
+                content_commitment=False,
+                encipher_only=False,
+                decipher_only=False,
+            ),
+            critical=True,
+        )
+        .sign(ca_key, hashes.SHA256())
+    )
+
+    return cert
+
+
+def create_server_certificate(
+    server_key: rsa.RSAPrivateKey,
+    ca_cert: x509.Certificate,
+    ca_key: rsa.RSAPrivateKey,
+    server_common_name: str,
+    validity_days: int,
+    san_names: list[str] | None = None,
+) -> x509.Certificate:
+    """
+    Create a server certificate signed by the CA with optional Subject Alternative Names.
+    Parameters
+    ----------
+    server_key : rsa.RSAPrivateKey
+        The private key for the server certificate
+    ca_cert : x509.Certificate
+        The CA certificate to use as issuer
+    ca_key : rsa.RSAPrivateKey
+        The CA private key to sign the certificate
+    server_common_name : str
+        The common name for the server certificate (will be used as CN and primary SAN)
+    validity_days : int
+        Number of days the certificate should be valid
+    san_names : list, optional
+        Additional Subject Alternative Names to include, by default None
+    Returns
+    -------
+    x509.Certificate
+        Server certificate signed by the CA with SERVER_AUTH extended key usage
+    """
+    subject = x509.Name(
+        [
+            x509.NameAttribute(NameOID.COMMON_NAME, server_common_name),
+        ],
+    )
+
+    # Build SAN list - always include the CN, plus any additional names
+    san_list = [x509.DNSName(server_common_name)]
+    if san_names:
+        for name in san_names:
+            # Skip if it's the same as CN to avoid duplicates
+            if name != server_common_name:
+                try:
+                    # Try to parse as IP address
+                    ip_addr = ipaddress.ip_address(name)
+                    san_list.append(x509.IPAddress(ip_addr))  # type: ignore
+                    _logger.info("  Added IP SAN: %s", name)
+                except ValueError:
+                    # Not an IP, treat as DNS name
+                    san_list.append(x509.DNSName(name))
+                    _logger.info("  Added DNS SAN: %s", name)
+
+    cert = (
+        x509.CertificateBuilder()
+        .subject_name(subject)
+        .issuer_name(ca_cert.subject)
+        .public_key(server_key.public_key())
+        .serial_number(x509.random_serial_number())
+        .not_valid_before(datetime.now(timezone.utc))
+        .not_valid_after(datetime.now(timezone.utc) + timedelta(days=validity_days))
+        .add_extension(
+            x509.SubjectAlternativeName(san_list),
+            critical=False,
+        )
+        .add_extension(
+            x509.KeyUsage(
+                digital_signature=True,
+                key_encipherment=True,
+                key_cert_sign=False,
+                crl_sign=False,
+                data_encipherment=False,
+                key_agreement=False,
+                content_commitment=False,
+                encipher_only=False,
+                decipher_only=False,
+            ),
+            critical=True,
+        )
+        .add_extension(
+            x509.ExtendedKeyUsage(
+                [
+                    ExtendedKeyUsageOID.SERVER_AUTH,
+                ],
+            ),
+            critical=False,
+        )
+        .sign(ca_key, hashes.SHA256())
+    )
+
+    return cert
+
+
+def create_client_certificate(
+    client_key: rsa.RSAPrivateKey,
+    ca_cert: x509.Certificate,
+    ca_key: rsa.RSAPrivateKey,
+    client_common_name: str,
+    validity_days: int,
+) -> x509.Certificate:
+    """
+    Create a client certificate signed by the CA.
+    Parameters
+    ----------
+    client_key : rsa.RSAPrivateKey
+        The private key for the client certificate
+    ca_cert : x509.Certificate
+        The CA certificate to use as issuer
+    ca_key : rsa.RSAPrivateKey
+        The CA private key to sign the certificate
+    client_common_name : str
+        The common name for the client certificate
+    validity_days : int
+        Number of days the certificate should be valid
+    Returns
+    -------
+    x509.Certificate
+        Client certificate signed by the CA with CLIENT_AUTH extended key usage
+    """
+    subject = x509.Name(
+        [
+            x509.NameAttribute(NameOID.COMMON_NAME, client_common_name),
+        ],
+    )
+
+    cert = (
+        x509.CertificateBuilder()
+        .subject_name(subject)
+        .issuer_name(ca_cert.subject)
+        .public_key(client_key.public_key())
+        .serial_number(x509.random_serial_number())
+        .not_valid_before(datetime.now(timezone.utc))
+        .not_valid_after(datetime.now(timezone.utc) + timedelta(days=validity_days))
+        .add_extension(
+            x509.SubjectAlternativeName(
+                [
+                    x509.DNSName(client_common_name),
+                ],
+            ),
+            critical=False,
+        )
+        .add_extension(
+            x509.KeyUsage(
+                digital_signature=True,
+                key_encipherment=True,
+                key_cert_sign=False,
+                crl_sign=False,
+                data_encipherment=False,
+                key_agreement=False,
+                content_commitment=False,
+                encipher_only=False,
+                decipher_only=False,
+            ),
+            critical=True,
+        )
+        .add_extension(
+            x509.ExtendedKeyUsage(
+                [
+                    ExtendedKeyUsageOID.CLIENT_AUTH,
+                ],
+            ),
+            critical=False,
+        )
+        .sign(ca_key, hashes.SHA256())
+    )
+
+    return cert
+
+
+def parse_server_spec(server_spec: str) -> tuple[str, list[Any]]:
+    """
+    Parse a server specification string into primary hostname and SAN list.
+    Parameters
+    ----------
+    server_spec : str
+        A comma-separated string like "node01,192.0.2.1" or just "node01"
+    Returns
+    -------
+    tuple[str, list]
+        Tuple containing (primary_hostname, [additional_san_names])
+    Raises
+    ------
+    ValueError
+        If the server specification is empty or invalid
+    """
+    names = [name.strip() for name in server_spec.split(",") if name.strip()]
+    if not names:
+        raise ValueError("Server specification cannot be empty")
+
+    primary_hostname = names[0]
+    additional_sans = names[1:] if len(names) > 1 else []
+
+    return primary_hostname, additional_sans
+
+
+def generate_server_certificates(
+    ca_cert: x509.Certificate,
+    ca_key: rsa.RSAPrivateKey,
+    server_specs: list[Any],
+    validity_days: int,
+    directory: str = ".",
+) -> list[str]:
+    """
+    Generate multiple server certificates based on server specifications.
+    Parameters
+    ----------
+    ca_cert : x509.Certificate
+        The CA certificate to sign with
+    ca_key : rsa.RSAPrivateKey
+        The CA private key to sign with
+    server_specs : list
+        List of server specification strings in format "hostname[,san1,san2,...]"
+    validity_days : int
+        Number of days the certificates should be valid
+    directory : str, optional
+        Directory to save the generated certificates and keys, by default "."
+    Returns
+    -------
+    list
+        List of generated certificate filenames
+    """
+    generated_files: list[str] = []
+
+    for spec in server_specs:
+        primary_hostname, additional_sans = parse_server_spec(spec)
+
+        # If only one server is specified, use 'server' as generic name
+        filename = "server" if len(server_specs) == 1 else primary_hostname
+
+        _logger.info("Generating server certificate for %s", primary_hostname)
+        if additional_sans:
+            _logger.info("  Additional SAN names: %s", ", ".join(additional_sans))
+
+        # Generate server key and certificate
+        server_key = generate_private_key()
+        server_cert = create_server_certificate(
+            server_key,
+            ca_cert,
+            ca_key,
+            primary_hostname,
+            validity_days,
+            additional_sans,
+        )
+
+        # Save with primary hostname as filename
+        key_filename = Path(directory) / f"{filename}.key"
+        cert_filename = Path(directory) / f"{filename}.crt"
+
+        save_private_key(server_key, key_filename)
+        save_certificate(server_cert, cert_filename)
+
+        generated_files.extend([key_filename.as_posix(), cert_filename.as_posix()])
+
+    return generated_files

ansys/saf/testing/_common/network.py

@@ -0,0 +1,114 @@
+# Copyright (C) 2026 ANSYS, Inc. and/or its affiliates.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from pathlib import Path
+import platform
+import socket
+import subprocess
+
+import pytest
+
+from ansys.saf.testing._common.grpc_certificates import (
+    create_ca_certificate,
+    create_client_certificate,
+    generate_private_key,
+    generate_server_certificates,
+    save_certificate,
+    save_private_key,
+)
+from ansys.saf.testing._solution.const import TestDeployment
+
+
+def get_random_free_port() -> int:
+    """Return a free socket port. Handled by the OS."""
+    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
+        try:
+            sock.bind(("", 0))
+            return sock.getsockname()[1]
+        except OSError as err:
+            raise OSError("no free ports") from err
+
+
+def get_local_ip() -> str:
+    """Return the unique ipv4 address of this node."""
+    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+    s.connect(("8.8.8.8", 80))
+    ip = s.getsockname()[0]
+    s.close()
+    return ip
+
+
+def get_docker_gateway_ip() -> str:
+    p = subprocess.run("ip route | awk '/docker0/ {print $9}'", capture_output=True, text=True, shell=True)
+    if p.returncode != 0:
+        raise Exception("Can't get default docker gateway IP")
+    return p.stdout.strip()
+
+
+@pytest.fixture(scope="session")
+def docker_gateway_ip(deployment_type: TestDeployment) -> str:
+    if deployment_type == TestDeployment.DockerCompose and platform.system() == "Linux":
+        return get_docker_gateway_ip()
+    else:
+        return "127.0.0.1"
+
+
+@pytest.fixture(scope="session")
+def local_ip() -> str:
+    return get_local_ip()
+
+
+@pytest.fixture(scope="session")
+def certificates_directory(
+    tmp_path_factory: pytest.TempPathFactory,
+    local_ip: str,
+    docker_gateway_ip: str,
+    hps_host: str,
+) -> Path:
+    """Create localhost server and client certificates signed by a local CA. The validity is one day."""
+
+    output_dir = tmp_path_factory.mktemp("certs-")
+
+    servers = [
+        f"localhost,127.0.0.1,{local_ip}",
+    ]
+    if docker_gateway_ip not in servers[0]:
+        servers[0] += f",{docker_gateway_ip},host.docker.internal"
+    if hps_host not in servers[0]:
+        servers[0] += f",{hps_host}"
+
+    days = 1
+    client_common_name = "client"
+
+    output_dir.mkdir(exist_ok=True)
+
+    # Generate CA key and certificate for self-signing
+    ca_key = generate_private_key()
+    ca_cert = create_ca_certificate(ca_key, days)
+
+    save_private_key(ca_key, output_dir / "ca.key")
+    save_certificate(ca_cert, output_dir / "ca.crt")
+
+    # Generate server certificates
+    generate_server_certificates(ca_cert, ca_key, servers, days, output_dir.as_posix())
+
+    # Generate client key and certificate
+    client_key = generate_private_key()
+    client_cert = create_client_certificate(client_key, ca_cert, ca_key, client_common_name, days)
+
+    save_private_key(client_key, output_dir / "client.key")
+    save_certificate(client_cert, output_dir / "client.crt")
+
+    return output_dir

ansys/saf/testing/_database/__init__.py

@@ -0,0 +1,14 @@
+# Copyright (C) 2026 ANSYS, Inc. and/or its affiliates.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.