Closed Bug 860775 Opened 12 years ago Closed 6 years ago

Need dummy TURN server for test

Categories

(Core :: WebRTC: Networking, defect, P3)

Product:
Core
Component:
WebRTC: Networking
Platform:
x86
All
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Blocking Flags:
backlog webrtc/webaudio+

People

(Reporter: ekr, Unassigned)

Details

(Keywords: sec-other)

We need a TURN server to test against. Ultimately, we should ahve something built into the test harness. For now I stood something up on EC2. The credentials are below. Please do not post these publicly because we do not want this widely used outside of Mozilla testing. That is why this bug is security sensitive. TURN_SERVER_ADDRESS=54.245.170.175 TURN_SERVER_USER=test TURN_SERVER_PASSWORD=z1Oafy6yf1elj
Hmm...I wonder how we will approach our automation story with TURN with knowing we'll probably need creds here. Clint - Do we have a way to run mochitests that use creds such that we don't expose the creds publicly? If there isn't a way, what options do we have here?
Flags: needinfo?(ctalbert)
If the automation TURN server isn't visible to the wild internet (and I assume strongly it would not be), then exposing the credentials to it isn't a problem.
Priority: -- → P1
Whiteboard: [WebRTC] [blocking-webrtc-]
(In reply to Randell Jesup [:jesup] from comment #2) > If the automation TURN server isn't visible to the wild internet (and I > assume strongly it would not be), then exposing the credentials to it isn't > a problem. Hmm...so could we do something where the TURN server is only accessible over a Mozilla-based VPN?
If we create a TURN server inside the automation then that server will only be available to the machine that is running the test. However, the *code* will be available unless we take some kind of actin to hide it. I'm not sure if the code for the TURN server is sensitive or not. So, we can just put dummy credentials in the test themselves since nothing from the internet will have access to the TURN server that is running on the test slave. At least that's how I understand this unless I misunderstand what this server is and what it does...
Flags: needinfo?(ctalbert)
"inside the automation" means "on the local machine that is running the test". Dunno if that is clear.
clint, jason: Yes, if there was a TURN server that was only accessible from inside Moz networks, then we could just use credentials test/test. The only thing we are trying to do is make it so our TURN server isn't the TURN server for the Internet.
Nils -- Is this something Rithesh could do? Does "mid P2" feel like the right priority? (This means we'd try to get this done in Q3.) Also, does this bug need to stay "security sensitive"? If so, why?
Rank: 25
Flags: needinfo?(drno)
Priority: P1 → P2
Whiteboard: [WebRTC] [blocking-webrtc-]
backlog: --- → webRTC+
QA Contact: jsmith
The bug is security sensitive because it contains the credentials for my test TURN server (see the user story at the top of the bug).
We have a TURN server running in the QA lab already. That is on a private network, where we don't mind publishing credentials in the source code. Currently only mochitest under steeplechase are utilizing this. But we can setup more test jobs to execute e.g. C++ unit test (that would be an easy task for Rithesh and totally doable in his intership). The disadvantage is that this is not integrated with TBPL and therefore does not run on every checkin. There is ongoing effort to integrate the result reporting with treeherder. Is that sufficient I would prefer to take that approach rather then taking the long and hard discussion about how to get things working as part of the TBPL build automation.
Flags: needinfo?(drno)
A totally different idea which came up recently is to put a TURN server into mozilla-central which gets started before our tests. That would allow us to remove the external dependency of our unit tests. Only problem is that it would need to be cross platform. Which probably comes down to writing a basic TURN server in Python or something like that.
OS: Mac OS X → All
Group: core-security → media-core-security
Mass change P3->P4 to align with new Mozilla triage process.
Priority: P2 → P3
We do have a python TUNR server in tree now.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Group: media-core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.