author | elijah <elijah@riseup.net> | 2016-04-09 23:44:53 -0700 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2016-04-09 23:44:53 -0700 |
commit | a890550aeba848f1e07ec71967463ee4b247c623 (patch) | |
tree | 8c6b36aa130a4c2136346096599d04e71c0cd6d6 /test | |
parent | 31b4d6c59fb0ad755f2d52e382063eb0b1fca735 (diff) |
fix tests
Diffstat (limited to 'test')
32 files changed, 165 insertions, 857 deletions
diff --git a/test/leap_platform/platform.rb b/test/leap_platform/platform.rb deleted file mode 100644 index f27fa00..0000000 --- a/test/leap_platform/platform.rb +++ /dev/null 
@@ -1,89 +0,0 @@ -# encoding: utf-8 -# -# These are variables defined by this leap_platform and used by leap_cli. -# - -Leap::Platform.define do - self.version = "0.7.1" - self.compatible_cli = "1.7.1".."1.7.99" - - # - # the facter facts that should be gathered - # - self.facts = ["ec2_local_ipv4", "ec2_public_ipv4"] - - # - # the named paths for this platform - # - self.paths = { - # directories - :hiera_dir => 'hiera', - :files_dir => 'files', - :nodes_dir => 'nodes', - :services_dir => 'services', - :tags_dir => 'tags', - :node_files_dir => 'files/nodes/#{arg}', - - # input config files - :common_config => 'common.json', - :provider_config => 'provider.json', - :secrets_config => 'secrets.json', - :node_config => 'nodes/#{arg}.json', - :service_config => 'services/#{arg}.json', - :tag_config => 'tags/#{arg}.json', - - # input config files, environmentally scoped - :provider_env_config => 'provider.#{arg}.json', - :service_env_config => 'services/#{arg}.#{arg}.json', - :tag_env_config => 'tags/#{arg}.#{arg}.json', - - # input templates - :provider_json_template => 'files/service-definitions/provider.json.erb', - :eip_service_json_template => 'files/service-definitions/#{arg}/eip-service.json.erb', - :soledad_service_json_template => 'files/service-definitions/#{arg}/soledad-service.json.erb', - :smtp_service_json_template => 'files/service-definitions/#{arg}/smtp-service.json.erb', - - # output files - :facts => 'facts.json', - :user_ssh => 'users/#{arg}/#{arg}_ssh.pub', - :user_pgp => 'users/#{arg}/#{arg}_pgp.pub', - :known_hosts => 'files/ssh/known_hosts', - :authorized_keys => 'files/ssh/authorized_keys', - :monitor_pub_key => 'files/ssh/monitor_ssh.pub', - :monitor_priv_key => 'files/ssh/monitor_ssh', - :ca_key => 'files/ca/ca.key', - :ca_cert => 'files/ca/ca.crt', - :client_ca_key => 'files/ca/client_ca.key', - :client_ca_cert => 'files/ca/client_ca.crt', - :dh_params => 'files/ca/dh.pem', - :commercial_key => 'files/cert/#{arg}.key', - :commercial_csr => 
'files/cert/#{arg}.csr', - :commercial_cert => 'files/cert/#{arg}.crt', - :commercial_ca_cert => 'files/cert/commercial_ca.crt', - :vagrantfile => 'test/Vagrantfile', - - # node output files - :hiera => 'hiera/#{arg}.yaml', - :node_ssh_pub_key => 'files/nodes/#{arg}/#{arg}_ssh.pub', - :node_x509_key => 'files/nodes/#{arg}/#{arg}.key', - :node_x509_cert => 'files/nodes/#{arg}/#{arg}.crt', - - # testing files - :test_client_key => 'test/cert/client.key', - :test_client_cert => 'test/cert/client.crt', - :test_openvpn_config => 'test/openvpn/#{arg}.ovpn', - :test_client_openvpn_template => 'test/openvpn/client.ovpn.erb' - } - - # - # the files that need to get renamed when a node is renamed - # - self.node_files = [ - :node_config, :hiera, :node_x509_cert, :node_x509_key, :node_ssh_pub_key - ] - - self.monitor_username = 'monitor' - - self.reserved_usernames = ['monitor'] -end - diff --git a/test/leap_platform/provider_base/common.json b/test/leap_platform/provider_base/common.json deleted file mode 100644 index 41a0645..0000000 --- a/test/leap_platform/provider_base/common.json +++ /dev/null 
@@ -1,30 +0,0 @@ -{ - "ip_address": null, - "environment": null, - "services": [], - "tags": [], - "domain": { - "full_suffix": "= global.provider.domain", - "internal_suffix": "= global.provider.domain_internal", - "full": "= node.name + '.' + domain.full_suffix", - "internal": "= node.name + '.' + domain.internal_suffix", - "name": "= node.name + '.' + (dns.public ? domain.full_suffix : domain.internal_suffix)" - }, - "dns": { - "public": "= service_type != 'internal_service'" - }, - "ssh": { - "authorized_keys": "= file :authorized_keys", - "port": 22 - }, - "hosts": "=> hosts_file", - "x509": { - "use": false, - "cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap cert update`') : nil", - "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap cert update`') : nil", - "ca_cert": "= try_file :ca_cert" - }, - "service_type": "internal_service", - "name": "common", - "enabled": true -} diff --git a/test/leap_platform/provider_base/lib/macros.rb b/test/leap_platform/provider_base/lib/macros.rb deleted file mode 100644 index 854b92b..0000000 --- a/test/leap_platform/provider_base/lib/macros.rb +++ /dev/null @@ -1,14 +0,0 @@ -# -# MACROS -# -# The methods in these files are available in the context of a .json configuration file. -# (The module LeapCli::Macro is included in Config::Object) -# - -require_relative 'macros/core' -require_relative 'macros/files' -require_relative 'macros/haproxy' -require_relative 'macros/hosts' -require_relative 'macros/nodes' -require_relative 'macros/secrets' -require_relative 'macros/stunnel' diff --git a/test/leap_platform/provider_base/lib/macros/core.rb b/test/leap_platform/provider_base/lib/macros/core.rb deleted file mode 100644 index d4d9171..0000000 --- a/test/leap_platform/provider_base/lib/macros/core.rb +++ /dev/null 
@@ -1,86 +0,0 @@ -# encoding: utf-8 - -module LeapCli - module Macro - - # - # return a fingerprint for a x509 certificate - # - def fingerprint(filename) - "SHA256: " + X509.fingerprint("SHA256", Path.named_path(filename)) - end - - # - # Creates a hash from the ssh key info in users directory, for use in - # updating authorized_keys file. Additionally, the 'monitor' public key is - # included, which is used by the monitor nodes to run particular commands - # remotely. - # - def authorized_keys - hash = {} - keys = Dir.glob(Path.named_path([:user_ssh, '*'])) - keys.sort.each do |keyfile| - ssh_type, ssh_key = File.read(keyfile, :encoding => 'UTF-8').strip.split(" ") - name = File.basename(File.dirname(keyfile)) - hash[name] = { - "type" => ssh_type, - "key" => ssh_key - } - end - ssh_type, ssh_key = File.read(Path.named_path(:monitor_pub_key), :encoding => 'UTF-8').strip.split(" ") - hash[Leap::Platform.monitor_username] = { - "type" => ssh_type, - "key" => ssh_key - } - hash - end - - def assert(assertion) - if instance_eval(assertion) - true - else - raise AssertionFailed.new(assertion) - end - end - - # - # applies a JSON partial to this node - # - def apply_partial(partial_path) - manager.partials(partial_path).each do |partial_data| - self.deep_merge!(partial_data) - end - end - - # - # If at first you don't succeed, then it is time to give up. - # - # try{} returns nil if anything in the block throws an exception. - # - # You can wrap something that might fail in `try`, like so. - # - # "= try{ nodes[:services => 'tor'].first.ip_address } " - # - def try(&block) - yield - rescue NoMethodError - nil - end - - protected - - # - # returns a node list, if argument is not already one - # - def listify(node_list) - if node_list.is_a? Config::ObjectList - node_list - elsif node_list.is_a? 
Config::Object - Config::ObjectList.new(node_list) - else - raise ArgumentError, 'argument must be a node or node list, not a `%s`' % node_list.class, caller - end - end - - end -end diff --git a/test/leap_platform/provider_base/lib/macros/files.rb b/test/leap_platform/provider_base/lib/macros/files.rb deleted file mode 100644 index 0a49132..0000000 --- a/test/leap_platform/provider_base/lib/macros/files.rb +++ /dev/null 
@@ -1,79 +0,0 @@ -# encoding: utf-8 - -## -## FILES -## - -module LeapCli - module Macro - - # - # inserts the contents of a file - # - def file(filename, options={}) - if filename.is_a? Symbol - filename = [filename, @node.name] - end - filepath = Path.find_file(filename) - if filepath - if filepath =~ /\.erb$/ - ERB.new(File.read(filepath, :encoding => 'UTF-8'), nil, '%<>').result(binding) - else - File.read(filepath, :encoding => 'UTF-8') - end - else - raise FileMissing.new(Path.named_path(filename), options) - "" - end - end - - # - # like #file, but allow missing files - # - def try_file(filename) - return file(filename) - rescue FileMissing - return nil - end - - # - # returns what the file path will be, once the file is rsynced to the server. - # an internal list of discovered file paths is saved, in order to rsync these files when needed. - # - # notes: - # - # * argument 'path' is relative to Path.provider/files or Path.provider_base/files - # * the path returned by this method is absolute - # * the path stored for use later by rsync is relative to Path.provider - # * if the path does not exist locally, but exists in provider_base, then the default file from - # provider_base is copied locally. this is required for rsync to work correctly. - # - def file_path(path) - if path.is_a? Symbol - path = [path, @node.name] - end - actual_path = Path.find_file(path) - if actual_path.nil? - Util::log 2, :skipping, "file_path(\"#{path}\") because there is no such file." - nil - else - if actual_path =~ /^#{Regexp.escape(Path.provider_base)}/ - # if file is under Path.provider_base, we must copy the default file to - # to Path.provider in order for rsync to be able to sync the file. 
- local_provider_path = actual_path.sub(/^#{Regexp.escape(Path.provider_base)}/, Path.provider) - FileUtils.mkdir_p File.dirname(local_provider_path), :mode => 0700 - FileUtils.install actual_path, local_provider_path, :mode => 0600 - Util.log :created, Path.relative_path(local_provider_path) - actual_path = local_provider_path - end - if File.directory?(actual_path) && actual_path !~ /\/$/ - actual_path += '/' # ensure directories end with /, important for building rsync command - end - relative_path = Path.relative_path(actual_path) - @node.file_paths << relative_path - @node.manager.provider.hiera_sync_destination + '/' + relative_path - end - end - - end -end
\ No newline at end of file diff --git a/test/leap_platform/provider_base/lib/macros/haproxy.rb b/test/leap_platform/provider_base/lib/macros/haproxy.rb deleted file mode 100644 index c0f9ede..0000000 --- a/test/leap_platform/provider_base/lib/macros/haproxy.rb +++ /dev/null 
@@ -1,69 +0,0 @@ -# encoding: utf-8 - -## -## HAPROXY -## - -module LeapCli - module Macro - - # - # creates a hash suitable for configuring haproxy. the key is the node name of the server we are proxying to. - # - # * node_list - a hash of nodes for the haproxy servers - # * stunnel_client - contains the mappings to local ports for each server node. - # * non_stunnel_port - in case self is included in node_list, the port to connect to. - # - # 1000 weight is used for nodes in the same location. - # 100 otherwise. - # - def haproxy_servers(node_list, stunnel_clients, non_stunnel_port=nil) - default_weight = 10 - local_weight = 100 - - # record the hosts_file - hostnames(node_list) - - # create a simple map for node name -> local stunnel accept port - accept_ports = stunnel_clients.inject({}) do |hsh, stunnel_entry| - name = stunnel_entry.first.sub /_[0-9]+$/, '' - hsh[name] = stunnel_entry.last['accept_port'] - hsh - end - - # if one the nodes in the node list is ourself, then there will not be a stunnel to it, - # but we need to include it anyway in the haproxy config. - if node_list[self.name] && non_stunnel_port - accept_ports[self.name] = non_stunnel_port - end - - # create the first pass of the servers hash - servers = node_list.values.inject(Config::ObjectList.new) do |hsh, node| - weight = default_weight - try { - weight = local_weight if self.location.name == node.location.name - } - hsh[node.name] = Config::Object[ - 'backup', false, - 'host', 'localhost', - 'port', accept_ports[node.name] || 0, - 'weight', weight - ] - if node.services.include?('couchdb') - hsh[node.name]['writable'] = node.couch.mode != 'mirror' - end - hsh - end - - # if there are some local servers, make the others backup - if servers.detect{|k,v| v.weight == local_weight} - servers.each do |k,server| - server['backup'] = server['weight'] == default_weight - end - end - - return servers - end - - end -end
\ No newline at end of file diff --git a/test/leap_platform/provider_base/lib/macros/hosts.rb b/test/leap_platform/provider_base/lib/macros/hosts.rb deleted file mode 100644 index 8a4058a..0000000 --- a/test/leap_platform/provider_base/lib/macros/hosts.rb +++ /dev/null 
@@ -1,63 +0,0 @@ -# encoding: utf-8 - -module LeapCli - module Macro - - ## - ## HOSTS - ## - - # - # records the list of hosts that are encountered for this node - # - def hostnames(nodes) - @referenced_nodes ||= Config::ObjectList.new - nodes = listify(nodes) - nodes.each_node do |node| - @referenced_nodes[node.name] ||= node - end - return nodes.values.collect {|node| node.domain.name} - end - - # - # Generates entries needed for updating /etc/hosts on a node (as a hash). - # - # Argument `nodes` can be nil or a list of nodes. If nil, only include the - # IPs of the other nodes this @node as has encountered (plus all mx nodes). - # - # Also, for virtual machines, we use the local address if this @node is in - # the same location as the node in question. - # - # We include the ssh public key for each host, so that the hash can also - # be used to generate the /etc/ssh/known_hosts - # - def hosts_file(nodes=nil) - if nodes.nil? - if @referenced_nodes && @referenced_nodes.any? - nodes = @referenced_nodes - nodes = nodes.merge(nodes_like_me[:services => 'mx']) # all nodes always need to communicate with mx nodes. - end - end - return {} unless nodes - hosts = {} - my_location = @node['location'] ? @node['location']['name'] : nil - nodes.each_node do |node| - hosts[node.name] = {'ip_address' => node.ip_address, 'domain_internal' => node.domain.internal, 'domain_full' => node.domain.full} - node_location = node['location'] ? node['location']['name'] : nil - if my_location == node_location - if facts = @node.manager.facts[node.name] - if facts['ec2_public_ipv4'] - hosts[node.name]['ip_address'] = facts['ec2_public_ipv4'] - end - end - end - host_pub_key = Util::read_file([:node_ssh_pub_key,node.name]) - if host_pub_key - hosts[node.name]['host_pub_key'] = host_pub_key - end - end - hosts - end - - end -end
\ No newline at end of file diff --git a/test/leap_platform/provider_base/lib/macros/nodes.rb b/test/leap_platform/provider_base/lib/macros/nodes.rb deleted file mode 100644 index 0c6668a..0000000 --- a/test/leap_platform/provider_base/lib/macros/nodes.rb +++ /dev/null 
@@ -1,88 +0,0 @@ -# encoding: utf-8 - -## -## node related macros -## - -module LeapCli - module Macro - - # - # the list of all the nodes - # - def nodes - global.nodes - end - - # - # grab an environment appropriate provider - # - def provider - global.env(@node.environment).provider - end - - # - # returns a list of nodes that match the same environment - # - # if @node.environment is not set, we return other nodes - # where environment is not set. - # - def nodes_like_me - nodes[:environment => @node.environment] - end - - # - # returns a list of nodes that match the location name - # and environment of @node. - # - def nodes_near_me - if @node['location'] && @node['location']['name'] - nodes_like_me['location.name' => @node.location.name] - else - nodes_like_me['location' => nil] - end - end - - # - # - # picks a node out from the node list in such a way that: - # - # (1) which nodes picked which nodes is saved in secrets.json - # (2) when other nodes call this macro with the same node list, they are guaranteed to get a different node - # (3) if all the nodes in the pick_node list have been picked, remaining nodes are distributed randomly. - # - # if the node_list is empty, an exception is raised. - # if node_list size is 1, then that node is returned and nothing is - # memorized via the secrets.json file. - # - # `label` is needed to distinguish between pools of nodes for different purposes. - # - # TODO: more evenly balance after all the nodes have been picked. - # - def pick_node(label, node_list) - if node_list.any? 
- if node_list.size == 1 - return node_list.values.first - else - secrets_key = "pick_node(:#{label},#{node_list.keys.sort.join(',')})" - secrets_value = @manager.secrets.retrieve(secrets_key, @node.environment) || {} - secrets_value[@node.name] ||= begin - node_to_pick = nil - node_list.each_node do |node| - next if secrets_value.values.include?(node.name) - node_to_pick = node.name - end - node_to_pick ||= secrets_value.values.shuffle.first # all picked already, so pick a random one. - node_to_pick - end - picked_node_name = secrets_value[@node.name] - @manager.secrets.set(secrets_key, secrets_value, @node.environment) - return node_list[picked_node_name] - end - else - raise ArgumentError.new('pick_node(node_list): node_list cannot be empty') - end - end - - end -end
\ No newline at end of file diff --git a/test/leap_platform/provider_base/lib/macros/secrets.rb b/test/leap_platform/provider_base/lib/macros/secrets.rb deleted file mode 100644 index 51bf397..0000000 --- a/test/leap_platform/provider_base/lib/macros/secrets.rb +++ /dev/null @@ -1,39 +0,0 @@ -# encoding: utf-8 - -require 'base32' - -module LeapCli - module Macro - - # - # inserts a named secret, generating it if needed. - # - # manager.export_secrets should be called later to capture any newly generated secrets. - # - # +length+ is the character length of the generated password. - # - def secret(name, length=32) - @manager.secrets.set(name, Util::Secret.generate(length), @node[:environment]) - end - - # inserts a base32 encoded secret - def base32_secret(name, length=20) - @manager.secrets.set(name, Base32.encode(Util::Secret.generate(length)), @node[:environment]) - end - - # Picks a random obfsproxy port from given range - def rand_range(name, range) - @manager.secrets.set(name, rand(range), @node[:environment]) - end - - # - # inserts an hexidecimal secret string, generating it if needed. - # - # +bit_length+ is the bits in the secret, (ie length of resulting hex string will be bit_length/4) - # - def hex_secret(name, bit_length=128) - @manager.secrets.set(name, Util::Secret.generate_hex(bit_length), @node[:environment]) - end - - end -end
\ No newline at end of file diff --git a/test/leap_platform/provider_base/lib/macros/stunnel.rb b/test/leap_platform/provider_base/lib/macros/stunnel.rb deleted file mode 100644 index f16308c..0000000 --- a/test/leap_platform/provider_base/lib/macros/stunnel.rb +++ /dev/null 
@@ -1,95 +0,0 @@ -## -## STUNNEL -## - -# -# About stunnel -# -------------------------- -# -# The network looks like this: -# -# From the client's perspective: -# -# |------- stunnel client --------------| |---------- stunnel server -----------------------| -# consumer app -> localhost:accept_port -> connect:connect_port -> ?? -# -# From the server's perspective: -# -# |------- stunnel client --------------| |---------- stunnel server -----------------------| -# ?? -> *:accept_port -> localhost:connect_port -> service -# - -module LeapCli - module Macro - - # - # stunnel configuration for the client side. - # - # +node_list+ is a ObjectList of nodes running stunnel servers. - # - # +port+ is the real port of the ultimate service running on the servers - # that the client wants to connect to. - # - # * accept_port is the port on localhost to which local clients - # can connect. it is auto generated serially. - # - # * connect_port is the port on the stunnel server to connect to. - # it is auto generated from the +port+ argument. - # - # generates an entry appropriate to be passed directly to - # create_resources(stunnel::service, hiera('..'), defaults) - # - # local ports are automatically generated, starting at 4000 - # and incrementing in sorted order (by node name). - # - def stunnel_client(node_list, port, options={}) - @next_stunnel_port ||= 4000 - node_list = listify(node_list) - hostnames(node_list) # record the hosts - result = Config::ObjectList.new - node_list.each_node do |node| - if node.name != self.name || options[:include_self] - result["#{node.name}_#{port}"] = Config::Object[ - 'accept_port', @next_stunnel_port, - 'connect', node.domain.internal, - 'connect_port', stunnel_port(port), - 'original_port', port - ] - @next_stunnel_port += 1 - end - end - result - end - - # - # generates a stunnel server entry. - # - # +port+ is the real port targeted service. 
- # - # * `accept_port` is the publicly bound port - # * `connect_port` is the port that the local service is running on. - # - def stunnel_server(port) - { - "accept_port" => stunnel_port(port), - "connect_port" => port - } - end - - private - - # - # maps a real port to a stunnel port (used as the connect_port in the client config - # and the accept_port in the server config) - # - def stunnel_port(port) - port = port.to_i - if port < 50000 - return port + 10000 - else - return port - 10000 - end - end - - end -end
\ No newline at end of file diff --git a/test/leap_platform/provider_base/provider.json b/test/leap_platform/provider_base/provider.json deleted file mode 100644 index ee24f5f..0000000 --- a/test/leap_platform/provider_base/provider.json +++ /dev/null 
@@ -1,53 +0,0 @@ -{ - "domain": "REQUIRED", - "domain_internal": "= domain.sub(/\\..*$/,'.i')", - "name": { - "en": "REQUIRED" - }, - "description": { - "en": "REQUIRED" - }, - "contacts": { - "default": "REQUIRED" - }, - "languages": ["en"], - "default_language": "en", - "enrollment_policy": "open", - "service": { - "levels": [ - // bandwidth limit is in Bytes, storage limit is in MB. - {"id": 1, "name": "free", "storage":50}, - {"id": 2, "name": "basic", "storage":1000, "rate": ["US$10", "€10"]}, - {"id": 3, "name": "pro", "storage":10000, "rate": ["US$20", "€20"]} - ], - "default_service_level": 1, - "bandwidth_limit": 102400, - "allow_free": "= global.provider.service.levels.select {|l| l['rate'].nil?}.any?", - "allow_paid": "= global.provider.service.levels.select {|l| !l['rate'].nil?}.any?", - "allow_anonymous": "= global.provider.service.levels.select {|l| l['name'] == 'anonymous'}.any?", - "allow_registration": "= global.provider.service.levels.select {|l| l['name'] != 'anonymous'}.any?", - "allow_limited_bandwidth": "= global.provider.service.levels.select {|l| l['bandwidth'] == 'limited'}.any?", - "allow_unlimited_bandwidth": "= global.provider.service.levels.select {|l| l['bandwidth'].nil?}.any?" - }, - "ca": { - "name": "= global.provider.ca.organization + ' Root CA'", - "organization": "= global.provider.name[global.provider.default_language]", - "organizational_unit": "= 'https://' + global.provider.domain", - "bit_size": 4096, - "digest": "SHA256", - "life_span": "10y", - "server_certificates": { - "bit_size": 2024, - "digest": "SHA256", - "life_span": "1y" - }, - "client_certificates": { - "bit_size": 2024, - "digest": "SHA256", - "life_span": "2m", - "limited_prefix": "LIMITED", - "unlimited_prefix": "UNLIMITED" - } - }, - "hiera_sync_destination": "/etc/leap" -} diff --git a/test/leap_platform/provider_base/services/ca.json b/test/leap_platform/provider_base/services/ca.json deleted file mode 100644 index d7d8452..0000000 
--- a/test/leap_platform/provider_base/services/ca.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "x509": { - "use": true - } -} diff --git a/test/leap_platform/provider_base/services/couchdb.json b/test/leap_platform/provider_base/services/couchdb.json deleted file mode 100644 index ce24e7f..0000000 --- a/test/leap_platform/provider_base/services/couchdb.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "x509": { - "use": true - }, - "stunnel": { - "couch_server": "= stunnel_server(couch.port)" - }, - "couch": { - "port": 5984, - "bigcouch": { - "cookie": "= secret :bigcouch_cookie" - }, - "users": { - "admin": { - "username": "admin", - "password": "= secret :couch_admin_password" - }, - "webapp": { - "username": "webapp", - "password": "= secret :couch_webapp_password" - }, - "ca_daemon": { - "username": "ca_daemon", - "password": "= secret :couch_ca_daemon_password" - } - } - } -} diff --git a/test/leap_platform/provider_base/services/openvpn.json b/test/leap_platform/provider_base/services/openvpn.json deleted file mode 100644 index 00cd957..0000000 --- a/test/leap_platform/provider_base/services/openvpn.json +++ /dev/null @@ -1,18 +0,0 @@ -// -// "server_crt": "= file :node_x509_cert", -// "server_key": "= file :node_x509_key" -// -{ - "service_type": "user_service", - "x509": { - "use": true - }, - "openvpn": { - "ports": ["80", "443", "53", "1194"], - "filter_dns": false, - "nat": true, - "ca_crt": "= file :ca_cert", - "ca_key": "= file :ca_key", - "dh": "= file :dh_params, :missing => 'Diffie-Hellman parameters. Run `leap cert dh` to create it'" - } -} diff --git a/test/leap_platform/provider_base/services/webapp.json b/test/leap_platform/provider_base/services/webapp.json deleted file mode 100644 index 895aa6e..0000000 --- a/test/leap_platform/provider_base/services/webapp.json +++ /dev/null 
@@ -1,43 +0,0 @@ -{ - "webapp": { - "modules": ["user", "billing", "help"], - "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]", - "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]", - "favicon": "= file_path 'branding/favicon.ico'", - "tail_scss": "= file_path 'branding/tail.scss'", - "head_scss": "= file_path 'branding/head.scss'", - "img_dir": "= file_path 'branding/img'", - "client_certificates": "= global.provider.ca.client_certificates", - "allow_limited_certs": "= global.provider.service.allow_limited_bandwidth", - "allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth", - "allow_anonymous_certs": "= global.provider.service.allow_anonymous", - "secret_token": "= secret :webapp_secret_token" - }, - "stunnel": { - "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)" - }, - "haproxy": { - "local_ports": "= stunnel.couch_client.field(:accept_port)" - }, - "definition_files": { - "provider": "= file :provider_json_template", - "eip_service": "= file :eip_service_json_template" - }, - "service_type": "public_service", - "api": { - "domain": "= 'api.' + domain.full_suffix", - "port": "4430" - }, - "dns": { - "aliases": "= [domain.full, api.domain]" - }, - "x509": { - "use": true, - "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'", - "client_ca_cert": "= file_path :client_ca_cert", - "client_ca_key": "= file_path :client_ca_key", - "commercial_cert": "= file [:commercial_cert, domain.full_suffix]", - "commercial_key": "= file [:commercial_key, domain.full_suffix]", - "commercial_ca_cert": "= try_file :commercial_ca_cert" - } -}
\ No newline at end of file
diff --git a/test/leap_platform/puppet/BLAH b/test/leap_platform/puppet/BLAH
deleted file mode 100644
index e69de29..0000000
--- a/test/leap_platform/puppet/BLAH
+++ /dev/null
diff --git a/test/provider/Leapfile b/test/provider/Leapfile
index 5172af9..abab946 100644
--- a/test/provider/Leapfile
+++ b/test/provider/Leapfile
@@ -1 +1 @@
-@platform_directory = '../leap_platform'
\ No newline at end of file
+@platform_directory_path = '../../../leap_platform'
\ No newline at end of file
diff --git a/test/provider/files/cert/bitmask.net.crt b/test/provider/files/cert/bitmask.net.crt
new file mode 100644
index 0000000..f3aaae4
--- /dev/null
+++ b/test/provider/files/cert/bitmask.net.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICZzCCAdCgAwIBAgIRAPF3nvtTiGL4Z/z8rrJ2OKAwDQYJKoZIhvcNAQELBQAw
+SjEQMA4GA1UECgwHQml0bWFzazEcMBoGA1UECwwTaHR0cHM6Ly9iaXRtYXNrLm5l
+dDEYMBYGA1UEAwwPQml0bWFzayBSb290IENBMB4XDTE2MDQwOTAwMDAwMFoXDTE3
+MDQwOTAwMDAwMFowKDEQMA4GA1UECgwHQml0bWFzazEUMBIGA1UEAwwLYml0bWFz
+ay5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMcuc0zp/JMOkZZXmaH/
+/ABBtc3i79OD90LRk4AEXZ7X46Ougw92qeHvX8worEHgpiPxzlj2QETrH25ljuqK
+e/nDpHwO/43couFFliq3VnLLBDJvYzL5byTd5V0bs/q4tl5CUYt1j6Xg4ses/Hv3
+cHyNqNQKfVJuyeWdZhtNizhHAgMBAAGjbzBtMB0GA1UdDgQWBBTB0njg6dZRnf/Z
+dO7EBRUy2+fBpTALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCQYD
+VR0TBAIwADAfBgNVHSMEGDAWgBQCuoulI/QMOR5z5nDOeXoOzkZtOjANBgkqhkiG
+9w0BAQsFAAOBgQAQ9EWhZJqLKLwCTOG0AD5+KwpbAkhHgdO3BXcMJAqLhjezmd9c
+cHQ/DZ/BSKmIm0eV6UsnxOBy9lZNIL1KqpazUyCgcCPDwDhd8Ihgk0x5ciNHgCFq
+6rCQ3kQVPVJZ2S2gQLOKJz1a0muMBE5KmIEL0ZMgqpn97YHgrOMCIjoM9g==
+-----END CERTIFICATE-----
diff --git a/test/provider/files/cert/bitmask.net.csr b/test/provider/files/cert/bitmask.net.csr
new file mode 100644
index 0000000..d106cb1
--- /dev/null
+++ b/test/provider/files/cert/bitmask.net.csr
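Review bot: The new value `'../../../leap_platform'` in test/provider/Leapfile resolves outside this repository (presumably relative to the Leapfile's own directory), so the tests now load whatever platform checkout happens to sit beside the repo, at whatever revision it is on. This commit also deletes the bundled test/leap_platform copy, and the deleted macros show that platform code is evaluated while configs are compiled, so a missing, stale or modified checkout changes what the tests execute with nothing in the tree to explain it. I would put a comment above the assignment, for example `# tests require a leap_platform checkout as a sibling of this repository; keep it at the revision the tests were written against`, and state the same requirement in the test documentation. That the Leapfile is evaluated as Ruby is inferred from the instance-variable syntax.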
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBpjCCAQ8CAQAwKDEQMA4GA1UECgwHQml0bWFzazEUMBIGA1UEAwwLYml0bWFz +ay5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMcuc0zp/JMOkZZXmaH/ +/ABBtc3i79OD90LRk4AEXZ7X46Ougw92qeHvX8worEHgpiPxzlj2QETrH25ljuqK +e/nDpHwO/43couFFliq3VnLLBDJvYzL5byTd5V0bs/q4tl5CUYt1j6Xg4ses/Hv3 +cHyNqNQKfVJuyeWdZhtNizhHAgMBAAGgPjA8BgkqhkiG9w0BCQ4xLzAtMAkGA1Ud +EwQCMAAwCwYDVR0PBAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3 +DQEBCwUAA4GBAFnt0V7+qyPfQZQGF12DdCy0t3MRqFVQbcIegNPshKWP1GIruVMX +ltJmTB1oVqVQ8Pmj0lIAbCrudHBqblnUUt1tME1JmWgH9wQtDaP5jnATJ1DQGMl1 +bQJQdiSE3/VGSeHn3K/XY7Yk2kmWZ3mzf1AwCmpwrn4SxIPiGcYa+21U +-----END CERTIFICATE REQUEST----- diff --git a/test/provider/files/cert/bitmask.net.key b/test/provider/files/cert/bitmask.net.key new file mode 100644 index 0000000..877f781 --- /dev/null +++ b/test/provider/files/cert/bitmask.net.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXwIBAAKBgQDHLnNM6fyTDpGWV5mh//wAQbXN4u/Tg/dC0ZOABF2e1+OjroMP +dqnh71/MKKxB4KYj8c5Y9kBE6x9uZY7qinv5w6R8Dv+N3KLhRZYqt1ZyywQyb2My ++W8k3eVdG7P6uLZeQlGLdY+l4OLHrPx793B8jajUCn1SbsnlnWYbTYs4RwIDAQAB +AoGBAKOKXh0+2aUdByi8EGbVOeI0EcRUmrm+1txEG6m26++qLzyL4wxlUCM0WiHV +G2qTu5Yzykt9FVQBAbOxK2EkB5mezLxGhnR24bPcpvDAqWy/dKBQ5t4hARKdgw4A +2iyhojno7aB/inP3ViTNvr/Kg77XyUgIq7fsLa8AsXJo0FAxAkEA5bye9XAYa29w +uK64rrtaflWcUqeejl9BQtrAKQmlRHC3uKxmWv260fn2OZzYwsNdD96y8YKeFS6g +65jj/eMPgwJBAN3znApBwUBDw4dX8ZLz2AC1P3ikQPGu+ySSf5+NJPUU3pgl6eL6 +pGaxplbDpFdvxgsfyxeSgNsFd/zmrD+v9O0CQQDjbTy3oIasJKAkU+NEJvjIxBuC +v6j5LFdAxakhdwkCnctiqFiTj0cYgyk7k4gKFrjT8xSWfUXdllF7qdlaByPdAkEA +t37+FKTERoM/lhepCxs6C2vNa8owPx+xVk0f4iLo2Q5F8Xf248bgQF7C7JyWtAse +qnfAil5+1ZSx3I5A/e5VCQJBALWoaVH/laZinIWgka9TngD0BtLPvYjoH7iLSpAK +STdh5IdwlcCKq/TzC+DpRYsEJM2wHEC+0nOLDp8xDwYPHfw= +-----END RSA PRIVATE KEY----- diff --git a/test/provider/files/cert/commercial_ca.crt b/test/provider/files/cert/commercial_ca.crt new file mode 100644 index 0000000..468941e --- /dev/null 
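Review bot: test/provider/files/cert/bitmask.net.key adds an unencrypted RSA private key, and the subject of the matching certificate decodes to CN=bitmask.net, which reads like a live domain rather than a reserved test name. Nothing in the commit marks this key, the CSR, the leaf certificate or the "Bitmask Root CA" certificate in commercial_ca.crt as throwaway fixtures. I would add a short README in test/provider/files/cert/ saying these files were generated for the test suite only and must never be deployed or placed in a trust store, and record the directory in whatever secret-scanning allowlist the project uses so the finding is acknowledged rather than silently ignored. The modulus appears to be 1024 bits, which is tolerable for a fixture but is one more reason the pair must stay confined to the test tree; regenerating the fixtures under a reserved name such as `example.test` would remove the ambiguity.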
+++ b/test/provider/files/cert/commercial_ca.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICbDCCAdWgAwIBAgIBATANBgkqhkiG9w0BAQ0FADBKMRAwDgYDVQQKDAdCaXRt
+YXNrMRwwGgYDVQQLDBNodHRwczovL2JpdG1hc2submV0MRgwFgYDVQQDDA9CaXRt
+YXNrIFJvb3QgQ0EwIBcNMTYwNDA5MDAwMDAwWhgPMjExNjA0MDkwMDAwMDBaMEox
+EDAOBgNVBAoMB0JpdG1hc2sxHDAaBgNVBAsME2h0dHBzOi8vYml0bWFzay5uZXQx
+GDAWBgNVBAMMD0JpdG1hc2sgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEArDu+1XWnEHS9CsemL6wuFZ09vY59SpXcpkMEOYLl+H5HibLsjt7PkDCi
+x4Bmf/0Mvlk5bft7VGHKtRbIe5/vIyA7IyIX76IHsX2iWASS4HaUE4ERtFTqE+2b
+x5N0/r5mYJCIhRslZdcAvzVb6NbujsQHU7NSRMOjBofVk1oYn+8CAwEAAaNgMF4w
+HQYDVR0OBBYEFAK6i6Uj9Aw5HnPmcM55eg7ORm06MA4GA1UdDwEB/wQEAwICBDAM
+BgNVHRMEBTADAQH/MB8GA1UdIwQYMBaAFAK6i6Uj9Aw5HnPmcM55eg7ORm06MA0G
+CSqGSIb3DQEBDQUAA4GBAD7cxb1nmhtfHfA4KnnK25dkHygMhqihj2xby3dLtAMO
+BuataWvN4ssgrUs7XdZRdagI2W2jA7RyLX8hFo+F2A0CRzYNwHl+Ffa2GuZko6M9
+4Muo4aEs7/h20jsxVFLezTGwN7lcyA8FoueGkCUXMm8WAAL0Id1hk+3ek70ywewh
+-----END CERTIFICATE-----
diff --git a/test/provider/files/service-definitions/provider.json.erb b/test/provider/files/service-definitions/provider.json.erb
deleted file mode 100644
index 96953c5..0000000
--- a/test/provider/files/service-definitions/provider.json.erb
+++ /dev/null
@@ -1,39 +0,0 @@
-<%=
- hsh = {}
-
- # grab some fields from provider.json
- hsh = global.provider.pick(:languages, :description, :name, :enrollment_policy)
-
- # typically this is specified in common.json
- hsh['domain'] = domain.full_suffix
-
- # advertise services that are 'user services'
- hsh['services'] = global.services[:service_type => :user_service].field(:name)
-
- hsh['api_version'] = "1"
- hsh['api_uri'] = "https://" + api_domain
-
- #hsh['ca_cert_uri'] =
- #hsh['ca_cert_fingerprint'] =
-
- # {
- # "serial": 1,
- # "version": "0.1.0",
- # "domain": "springbok",
- # "languages": ["en"],
- # "display_name": {
- # "en": "Test Provider"
- # },
- # "description": {
- # "en": "This is a test provider"
- # },
- # "enrollment_policy": "open",
- # "services": ["eip"],
- # "api_version": "1.0.0",
- # "api_uri": "https://94.103.43.3",
- # "ca_cert_fingerprint": "SHA256 Fingerprint=19:F1:44:AA:57:DD:59:65:3B:07:5F:25:5D:02:D2:3F:FB:E6:A6:DA:FE:67:35:F2:7D:D7:8B:0E:BF:2B:E5:3C",
- # "ca_cert_uri": "https://springbok/ca.crt"
- # }
-
- JSON.sorted_generate hsh
-%>
\ No newline at end of file
diff --git a/test/provider/nodes/ns1.json b/test/provider/nodes/ns1.json
index c74bd40..8a9f0df 100644
--- a/test/provider/nodes/ns1.json
+++ b/test/provider/nodes/ns1.json
@@ -3,5 +3,6 @@
 //
 {
 "services": "dns",
- "ip_address": "1.1.1.1"
+ "ip_address": "1.1.1.1",
+ "tags": "seattle"
 }
\ No newline at end of file
diff --git a/test/provider/nodes/ns2.json b/test/provider/nodes/ns2.json
index c051b95..b6d5dae 100644
--- a/test/provider/nodes/ns2.json
+++ b/test/provider/nodes/ns2.json
@@ -3,5 +3,6 @@
 //
 {
 "services": "dns",
- "ip_address": "1.1.1.2"
+ "ip_address": "1.1.1.2",
+ "tags": "saopaulo"
 }
\ No newline at end of file
diff --git a/test/provider/nodes/pcouch1.json b/test/provider/nodes/pcouch1.json
index 35ea3aa..b0cf215 100644
--- a/test/provider/nodes/pcouch1.json
+++ b/test/provider/nodes/pcouch1.json
@@ -1,5 +1,5 @@
 {
- "tags": "production",
+ "tags": ["production", "seattle"],
 "services": "couchdb",
 "ip_address": "11.0.0.2"
 }
diff --git a/test/provider/provider.json b/test/provider/provider.json
index 4fff3bf..d0f8abf 100644
--- a/test/provider/provider.json
+++ b/test/provider/provider.json
@@ -11,5 +11,21 @@
 },
 "languages": ["en"],
 "default_language": "en",
- "enrollment_policy": "open"
-}
\ No newline at end of file
+ "enrollment_policy": "open",
+ "contacts": {
+ "default": "root@localhost"
+ },
+ "ca": {
+ "bit_size": 1024,
+ "client_certificates": {
+ "bit_size": 1024,
+ "life_span": "100 years"
+ },
+ "life_span": "100 years",
+ "server_certificates": {
+ "bit_size": 1024,
+ "digest": "SHA256",
+ "life_span": "100 years"
+ }
+ }
+}
diff --git a/test/provider/secrets.json b/test/provider/secrets.json
index fd7bd65..ffadc24 100644
--- a/test/provider/secrets.json
+++ b/test/provider/secrets.json
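Review bot: The added `ca` block sets `"bit_size": 1024` for the CA, client and server certificates together with `"life_span": "100 years"`, and nothing marks these as test-only values. 1024-bit RSA is below what current guidance accepts for any real certificate, so if the size was chosen to keep key generation fast in the suite, a comment above `"ca"` such as `// test-only: small keys and long lifetimes keep the suite fast; do not copy into a real provider` would stop the fixture being used as a template. This assumes the provider loader tolerates `//` comments the way `nodes/ns1.json` appears to. The enclosing JSON object starts outside the hunk.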
@@ -1,5 +1,54 @@ { - "couch_admin_password": "Wf@W&@fQeK@qcItm-9fH~9ve8A4V5Dua", - "couch_ca_daemon_password": "jc7BQumjI7fs~naLrS_&%@bWImGz75+I", - "couch_webapp_password": "rXYr3RfJyqutsLZ6zQZ=&@WPXWnvdMpe" + "default": { + "api_monitor_auth_token": "UrmuBDZkA9XTsfaq4kpjbtshHY5daUxX", + "couch_admin_password": "TDMmtYBmm4r5dI4VXPXnxXsKkLfFPEPR", + "couch_admin_password_salt": "8b2db5d295e54bdef430aae96b955845", + "couch_leap_mx_password": "YXhAyvm57XgwhIZNYqxF3g8ykzhkg4SF", + "couch_leap_mx_password_salt": "ef432b612887112fd227de859ab78521", + "couch_nickserver_password": "sjNIQ98ymFwaAHyIX4XJKraNmwdHgBw9", + "couch_nickserver_password_salt": "7b932afd1c2ffc42763d340e4e8b2bcd", + "couch_replication_password": "UZne4MrH5HzNAamMeYReHjW7LJLabDZJ", + "couch_replication_password_salt": "341d5e378e3a1bffaa709dcca9bcd465", + "couch_soledad_password": "wVLLKJCLzmbkPNfzhLbPy3gjWhhBMRhF", + "couch_soledad_password_salt": "e40a4751078ffa0f364a77a486d0dc4c", + "couch_webapp_password": "LRQUHweyjIFnELw4sQT8pveEUqKhIxLU", + "couch_webapp_password_salt": "fbb4fa950d30e524b10775c6aa712564", + "nagios_test_password": "4XpCbaFbcAAcfPqAqMtXMdMpUWengLEk", + "webapp_secret_token": "BzWmcgK4Xf7xgmkdYHZK2qKBM2YT2ffM" + }, + "local": { + "api_monitor_auth_token": "BUKNpTd9CPWcebeIXcSrmUmcXZZw3HEz", + "couch_admin_password": "mw2yxDQWw2HzTn5cIkBVnJhZJ5VXVEgZ", + "couch_admin_password_salt": "bbacf42821cee0af5a2fd638d014f939", + "couch_leap_mx_password": "Ray9PHuEUKscNQsIenpsfgbM2u2WBzPq", + "couch_leap_mx_password_salt": "d0dc07939c3f45a57954343f0e5fa13a", + "couch_nickserver_password": "pbXQcHXQ5cR9xwk9xsAwMCQ8mfLpvMmE", + "couch_nickserver_password_salt": "70cbc22a8603732bb6161f6e978d4abe", + "couch_replication_password": "aDgQI87unwHqkJWPxchayQpf7taUPTYe", + "couch_replication_password_salt": "6faaec5dc8c0ac5db9da91e01fc379a8", + "couch_soledad_password": "uEN8sfF3xXbhHg2WjpCVQyUy7LrkfTnA", + "couch_soledad_password_salt": "0db6d77f631df372bacc63dddea89e55", + "couch_webapp_password": 
"RT7D7KTjzuVdXXs5HDYTIMpdDFfJKeZu", + "couch_webapp_password_salt": "d8a7fb6c2f258137a4946ccb931d4e53", + "nagios_test_password": "FfbLyjPIQUBDvnHtVNCwHZsZ9UYfZdqa", + "scramblesuit_password_vpn1": "GJ2TSRLYKJLVAU2JKNNEIYSDKBKEGZ2R", + "scramblesuit_port_vpn1": 31531 + }, + "production": { + "api_monitor_auth_token": "TFkfYQHp5AMJmSY27YrPngg7sk5DtvBB", + "couch_admin_password": "Hqu7IhKmFHVpHU9pgTHffQYzh7ZWHc5B", + "couch_admin_password_salt": "8e7865b9e5263d06e1f74aea3dd44dd2", + "couch_leap_mx_password": "AMrrWcKnFbbhaBj4MxxgTFeHnNnHjQay", + "couch_leap_mx_password_salt": "2960d63958d067654be8c8d44131cd94", + "couch_nickserver_password": "WPUfpbEHu4d5FHTWgrefgrYHaKCsQKYX", + "couch_nickserver_password_salt": "983b745e70c31d811c876ca2c44d2ed0", + "couch_replication_password": "ImeBu2DIA3gRbrHcqHgzsFBYHkwbeJQS", + "couch_replication_password_salt": "54c09b42eb697972a4d7faabc9b4f2a6", + "couch_soledad_password": "fNbUdYdErwnfFCKZUHLBaLmYfnxIjEbW", + "couch_soledad_password_salt": "81cab24a5881de53ac79b4797b467d9f", + "couch_webapp_password": "8tFtJ84rYa59ECjrMbVUQVCjp4YhhK7F", + "couch_webapp_password_salt": "559eeeaa6ccd25169c9358c6c90eb24b", + "nagios_test_password": "8cuLRjYICKFPe4YaKwk22EytRsjQKP9X", + "webapp_secret_token": "4UQKXV94xqtFVkNSCqrphdNFJaPkQBx8" + } } diff --git a/test/provider/tags/saopaulo.json b/test/provider/tags/saopaulo.json new file mode 100644 index 0000000..ef1a4d5 --- /dev/null +++ b/test/provider/tags/saopaulo.json @@ -0,0 +1,8 @@ +{ + "location": { + "name": "São Paulo", + "country_code": "BR", + "timezone":"-3", + "hemisphere": "S" + } +} diff --git a/test/provider/tags/seattle.json b/test/provider/tags/seattle.json new file mode 100644 index 0000000..b992419 --- /dev/null +++ b/test/provider/tags/seattle.json @@ -0,0 +1,8 @@ +{ + "location": { + "name": "Seattle, WA", + "country_code": "US", + "timezone":"-7", + "hemisphere": "N" + } +} 
diff --git a/test/provider/users/duck/duck_ssh.pub b/test/provider/users/duck/duck_ssh.pub
new file mode 100644
index 0000000..591f614
--- /dev/null
+++ b/test/provider/users/duck/duck_ssh.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDezTqhg/zFkGOQia0QRVRaDUmgdc73CEXadwVgYN41PITesjQinyT4hMOO8BJZVV70W1dWWCtT2j3JTFWLvhpgbjlYdiG676i9UpARvHTdt1FTAmlWfEfKvhDTqPByFyUooYfXBbpcZtqw+5ChP/lIjfWmfUVS3phTm5LzMetWTXY//dmuF+sHU9ZAWvrkYVI+IuJvb3mxv+CEbpS5s9yTS56qPP2czETbANoXsbBa29Ag+x22X/OiEUZ/mAfEuqBGh2uKH+9I/HhjorXSflYcwVhgA5P6QAhZEKU+B/PprIX/dF0HZLayJ6Y+0E7uUzNKxHupHmPI03VbxRO74K9t duck@home
diff --git a/test/test_helper.rb b/test/test_helper.rb
index ee687a9..b9a2c9e 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -3,16 +3,26 @@ require File.expand_path('../../lib/leap_cli/load_paths', __FILE__)
 require 'bundler/setup'
 require 'minitest/autorun'
 require 'leap_cli'
+require 'gli'
+
+DEBUG = true
+
+module LeapCli::Commands
+ extend GLI::App
+end
 class Minitest::Test
 attr_accessor :ruby_path
 # Add global extensions to the test case class here
+ def initialize(*args)
+ super(*args)
+ LeapCli::Bootstrap::setup([], test_provider_path)
+ LeapCli::Bootstrap::load_libraries(LeapCli::Commands)
+ end
+
 def setup
- LeapCli.leapfile.load(test_provider_path)
- LeapCli::Path.set_platform_path(LeapCli.leapfile.platform_directory_path)
- LeapCli::Path.set_provider_path(LeapCli.leapfile.provider_directory_path)
 end
 def manager
@@ -35,10 +45,6 @@ class Minitest::Test
 `cd #{test_provider_path} && #{ruby_path} #{base_path}/bin/leap --no-color #{args.join ' '}`
 end
- #def test_platform_path
- # "#{base_path}/test/leap_platform"
- #end
-
 def test_provider_path
 "#{base_path}/test/provider"
 end
diff --git a/test/unit/config_object_list_test.rb b/test/unit/config_object_list_test.rb
index a0ee3fc..9b6e09f 100644
--- a/test/unit/config_object_list_test.rb
+++ b/test/unit/config_object_list_test.rb
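Review bot: In the first `test/test_helper.rb` hunk the new `initialize` override calls `LeapCli::Bootstrap::setup` and `LeapCli::Bootstrap::load_libraries` every time a test object is built, and Minitest builds one per test method, so the bootstrap appears to run once per test while the now-empty `def setup` / `end` is left behind. If per-test bootstrapping is intended, putting the two calls in `setup` (written with `.`, e.g. `LeapCli::Bootstrap.setup([], test_provider_path)`) would leave Minitest's constructor alone and give the empty method a purpose. Otherwise they should be guarded so they run once and the empty `setup` deleted. The top-level `DEBUG = true` is visible to everything loaded in the test process and has no comment saying what reads it; a single `#` line above it naming the consumer would help. The `Minitest::Test` class body continues outside the hunk.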
@@ -10,11 +10,11 @@ class ConfigObjectListTest < Minitest::Test
 def test_complex_node_search
 domain = provider.domain
- nodes = manager.nodes['x509.use' => true]
+ nodes = manager.nodes['location.country_code' => 'US']
 assert nodes.size != manager.nodes.size, 'should not return all nodes'
- assert nodes.size > 2, 'should be some nodes'
+ assert_equal 2, nodes.size, 'should be some nodes'
 expected = manager.nodes.collect {|name, node|
- if node.x509.use
+ if node['location.country_code'] == 'US'
 node.domain.full
 end
 }.compact |
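Review bot: `assert_equal 2, nodes.size, 'should be some nodes'` now pins an exact count but keeps the old failure message. The literal 2 also depends silently on how many fixture nodes inherit `country_code` US through the `seattle` tag. As far as the visible hunks show, those are ns1 and pcouch1. A message that names the expectation, e.g. `assert_equal 2, nodes.size, 'expected the two nodes tagged seattle (country_code US)'`, would make a failure after a fixture change self-explanatory. `test_complex_node_search` continues past the end of the hunk.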