summaryrefslogtreecommitdiff
path: root/tests/white-box
diff options
context:
space:
mode:
authorMicah Anderson <micah@leap.se>2014-12-23 16:47:35 -0500
committerMicah Anderson <micah@leap.se>2014-12-23 16:47:35 -0500
commit574a0554a95ba74867ebd0ca4a93195bfa104c14 (patch)
treefd07b5b2ec8b32e82aa665dad117ee6e51791884 /tests/white-box
parent126faf8606f4911ccc3c1f55a9e0f381a46d536a (diff)
parentfc9a8af17d927085486052a53233401c42b0caab (diff)
Merge branch 'develop'
Conflicts: platform.rb Change-Id: Ic2e08e594d29a585691341c8667ac0b64933a505
Diffstat (limited to 'tests/white-box')
-rw-r--r--tests/white-box/couchdb.rb88
-rw-r--r--tests/white-box/mx.rb50
-rw-r--r--tests/white-box/network.rb51
-rw-r--r--tests/white-box/openvpn.rb4
-rw-r--r--tests/white-box/soledad.rb17
-rw-r--r--tests/white-box/webapp.rb142
6 files changed, 262 insertions, 90 deletions
diff --git a/tests/white-box/couchdb.rb b/tests/white-box/couchdb.rb
index 9d5da94f..450c4201 100644
--- a/tests/white-box/couchdb.rb
+++ b/tests/white-box/couchdb.rb
@@ -1,4 +1,4 @@
-raise SkipTest unless $node["services"].include?("couchdb")
+raise SkipTest unless service?(:couchdb)
require 'json'
@@ -9,9 +9,11 @@ class CouchDB < LeapTest
end
def test_00_Are_daemons_running?
- assert_running 'tapicero'
- assert_running 'bin/beam'
- assert_running 'bin/epmd'
+ assert_running '^tapicero', :single => true
+ if multimaster?
+ assert_running 'bin/beam'
+ assert_running 'bin/epmd'
+ end
pass
end
@@ -29,6 +31,7 @@ class CouchDB < LeapTest
# compare the configured nodes to the nodes that are actually listed in bigcouch
#
def test_02_Is_cluster_membership_ok?
+ return unless multimaster?
url = couchdb_backend_url("/nodes/_all_docs")
neighbors = assert_property('couch.bigcouch.neighbors')
neighbors << assert_property('domain.full')
@@ -48,7 +51,8 @@ class CouchDB < LeapTest
# this seems backward to me, so it might be the other way around.
#
def test_03_Are_configured_nodes_online?
- url = couchdb_url("/_membership")
+ return unless multimaster?
+ url = couchdb_url("/_membership", :username => 'admin')
assert_get(url) do |body|
response = JSON.parse(body)
nodes_configured_but_not_available = response['cluster_nodes'] - response['all_nodes']
@@ -66,11 +70,11 @@ class CouchDB < LeapTest
end
def test_04_Do_ACL_users_exist?
- acl_users = ['_design/_auth', 'leap_mx', 'nickserver', 'soledad', 'tapicero', 'webapp']
- url = couchdb_backend_url("/_users/_all_docs")
+ acl_users = ['_design/_auth', 'leap_mx', 'nickserver', 'soledad', 'tapicero', 'webapp', 'replication']
+ url = couchdb_backend_url("/_users/_all_docs", :username => 'admin')
assert_get(url) do |body|
response = JSON.parse(body)
- assert_equal 6, response['total_rows']
+ assert_equal acl_users.count, response['total_rows']
actual_users = response['rows'].map{|row| row['id'].sub(/^org.couchdb.user:/, '') }
assert_equal acl_users.sort, actual_users.sort
end
@@ -80,7 +84,8 @@ class CouchDB < LeapTest
def test_05_Do_required_databases_exist?
dbs_that_should_exist = ["customers","identities","keycache","sessions","shared","tickets","tokens","users"]
dbs_that_should_exist.each do |db_name|
- assert_get(couchdb_url("/"+db_name)) do |body|
+ url = couchdb_url("/"+db_name, :username => 'admin')
+ assert_get(url) do |body|
assert response = JSON.parse(body)
assert_equal db_name, response['db_name']
end
@@ -88,22 +93,63 @@ class CouchDB < LeapTest
pass
end
- private
+ # disable ACL enforcement, because it's a known issue with bigcouch
+ # and will only confuse the user
+ # see https://leap.se/code/issues/6030 for more details
+ #
+ ## for now, this just prints warnings, since we are failing these tests.
+ ##
- def couchdb_url(path="", port=nil)
- @port ||= begin
- assert_property 'couch.port'
- $node['couch']['port']
- end
- @password ||= begin
- assert_property 'couch.users.admin.password'
- $node['couch']['users']['admin']['password']
+ #def test_06_Is_ACL_enforced?
+ # ok = assert_auth_fail(
+ # couchdb_url('/users/_all_docs', :username => 'leap_mx'),
+ # {:limit => 1}
+ # )
+ # ok = assert_auth_fail(
+ # couchdb_url('/users/_all_docs', :username => 'leap_mx'),
+ # {:limit => 1}
+ # ) && ok
+ # pass if ok
+ #end
+
+ def test_07_Can_records_be_created?
+ token = Token.new
+ url = couchdb_url("/tokens", :username => 'admin')
+ assert_post(url, token, :format => :json) do |body|
+ assert response = JSON.parse(body), "POST response should be JSON"
+ assert response["ok"], "POST response should be OK"
+ assert_delete(File.join(url, response["id"]), :rev => response["rev"]) do |body|
+ assert response = JSON.parse(body), "DELETE response should be JSON"
+ assert response["ok"], "DELETE response should be OK"
+ end
end
- "http://admin:#{@password}@localhost:#{port || @port}#{path}"
+ pass
+ end
+
+ private
+
+ def multimaster?
+ mode == "multimaster"
+ end
+
+ def mode
+ assert_property('couch.mode')
+ end
+
+ # TODO: admin port is hardcoded for now but should be configurable.
+ def couchdb_backend_url(path="", options={})
+ options = {port: multimaster? && "5986"}.merge options
+ couchdb_url(path, options)
end
- def couchdb_backend_url(path="")
- couchdb_url(path, "5986") # TODO: admin port is hardcoded for now but should be configurable.
+ require 'securerandom'
+ require 'digest/sha2'
+ class Token < Hash
+ def initialize
+ self['token'] = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
+ self['_id'] = Digest::SHA512.hexdigest(self['token'])
+ self['last_seen_at'] = Time.now
+ end
end
end
diff --git a/tests/white-box/mx.rb b/tests/white-box/mx.rb
new file mode 100644
index 00000000..794a9a41
--- /dev/null
+++ b/tests/white-box/mx.rb
@@ -0,0 +1,50 @@
+raise SkipTest unless service?(:mx)
+
+require 'json'
+
+class Mx < LeapTest
+ depends_on "Network"
+
+ def setup
+ end
+
+ def test_01_Can_contact_couchdb?
+ dbs = ["identities"]
+ dbs.each do |db_name|
+ couchdb_urls("/"+db_name, url_options).each do |url|
+ assert_get(url) do |body|
+ assert response = JSON.parse(body)
+ assert_equal db_name, response['db_name']
+ end
+ end
+ end
+ pass
+ end
+
+ def test_02_Can_contact_couchdb_via_haproxy?
+ if property('haproxy.couch')
+ url = couchdb_url_via_haproxy("", url_options)
+ assert_get(url) do |body|
+ assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message."
+ end
+ pass
+ end
+ end
+
+ def test_03_Are_MX_daemons_running?
+ assert_running 'leap_mx'
+ assert_running '/usr/lib/postfix/master'
+ assert_running '/usr/sbin/unbound'
+ pass
+ end
+
+ private
+
+ def url_options
+ {
+ :username => property('couchdb_leap_mx_user.username'),
+ :password => property('couchdb_leap_mx_user.password')
+ }
+ end
+
+end
diff --git a/tests/white-box/network.rb b/tests/white-box/network.rb
index e0b0339d..f2041710 100644
--- a/tests/white-box/network.rb
+++ b/tests/white-box/network.rb
@@ -26,38 +26,35 @@ class Network < LeapTest
# connect: "127.0.0.1:5984"
#
def test_02_Is_stunnel_running?
- if $node['stunnel']
- good_stunnel_pids = []
- $node['stunnel'].each do |stunnel_type, stunnel_configs|
- if stunnel_type =~ /_clients?$/
- stunnel_configs.each do |stunnel_name, stunnel_conf|
- config_file_name = "/etc/stunnel/#{stunnel_name}.conf"
- processes = pgrep(config_file_name)
- assert_equal 6, processes.length, "There should be six stunnel processes running for `#{config_file_name}`"
- good_stunnel_pids += processes.map{|ps| ps[:pid]}
- assert port = stunnel_conf['accept_port'], 'Field `accept_port` must be present in `stunnel` property.'
- assert_tcp_socket('localhost', port)
- end
- elsif stunnel_type =~ /_server$/
- config_file_name = "/etc/stunnel/#{stunnel_type}.conf"
- processes = pgrep(config_file_name)
- assert_equal 6, processes.length, "There should be six stunnel processes running for `#{config_file_name}`"
- good_stunnel_pids += processes.map{|ps| ps[:pid]}
- assert accept = stunnel_configs['accept'], "Field `accept` must be present in property `stunnel.#{stunnel_type}`"
- assert_tcp_socket('localhost', accept)
- assert connect = stunnel_configs['connect'], "Field `connect` must be present in property `stunnel.#{stunnel_type}`"
- assert_tcp_socket(*connect.split(':'))
- else
- skip "Unknown stunnel type `#{stunnel_type}`"
- end
+ ignore unless $node['stunnel']
+ good_stunnel_pids = []
+ $node['stunnel']['clients'].each do |stunnel_type, stunnel_configs|
+ stunnel_configs.each do |stunnel_name, stunnel_conf|
+ config_file_name = "/etc/stunnel/#{stunnel_name}.conf"
+ processes = pgrep(config_file_name)
+ assert_equal 6, processes.length, "There should be six stunnel processes running for `#{config_file_name}`"
+ good_stunnel_pids += processes.map{|ps| ps[:pid]}
+ assert port = stunnel_conf['accept_port'], 'Field `accept_port` must be present in `stunnel` property.'
+ assert_tcp_socket('localhost', port)
end
- all_stunnel_pids = pgrep('/usr/bin/stunnel').collect{|process| process[:pid]}.uniq
- assert_equal good_stunnel_pids.sort, all_stunnel_pids.sort, "There should not be any extra stunnel processes that are not configured in /etc/stunnel"
- pass
end
+ $node['stunnel']['servers'].each do |stunnel_name, stunnel_conf|
+ config_file_name = "/etc/stunnel/#{stunnel_name}.conf"
+ processes = pgrep(config_file_name)
+ assert_equal 6, processes.length, "There should be six stunnel processes running for `#{config_file_name}`"
+ good_stunnel_pids += processes.map{|ps| ps[:pid]}
+ assert accept_port = stunnel_conf['accept_port'], "Field `accept` must be present in property `stunnel.servers.#{stunnel_name}`"
+ assert_tcp_socket('localhost', accept_port)
+ assert connect_port = stunnel_conf['connect_port'], "Field `connect` must be present in property `stunnel.servers.#{stunnel_name}`"
+ assert_tcp_socket('localhost', connect_port)
+ end
+ all_stunnel_pids = pgrep('/usr/bin/stunnel').collect{|process| process[:pid]}.uniq
+ assert_equal good_stunnel_pids.sort, all_stunnel_pids.sort, "There should not be any extra stunnel processes that are not configured in /etc/stunnel"
+ pass
end
def test_03_Is_shorewall_running?
+ ignore unless File.exists?('/sbin/shorewall')
assert_run('/sbin/shorewall status')
pass
end
diff --git a/tests/white-box/openvpn.rb b/tests/white-box/openvpn.rb
index 5eb2bdb5..23a40426 100644
--- a/tests/white-box/openvpn.rb
+++ b/tests/white-box/openvpn.rb
@@ -1,6 +1,6 @@
-raise SkipTest unless $node["services"].include?("openvpn")
+raise SkipTest unless service?(:openvpn)
-class Openvpn < LeapTest
+class OpenVPN < LeapTest
depends_on "Network"
def setup
diff --git a/tests/white-box/soledad.rb b/tests/white-box/soledad.rb
new file mode 100644
index 00000000..5a13e4a6
--- /dev/null
+++ b/tests/white-box/soledad.rb
@@ -0,0 +1,17 @@
+raise SkipTest unless service?(:soledad)
+
+require 'json'
+
+class Soledad < LeapTest
+ depends_on "Network"
+ depends_on "CouchDB" if service?(:couchdb)
+
+ def setup
+ end
+
+ def test_00_Is_Soledad_running?
+ assert_running 'soledad'
+ pass
+ end
+
+end
diff --git a/tests/white-box/webapp.rb b/tests/white-box/webapp.rb
index 142ac2de..9f104899 100644
--- a/tests/white-box/webapp.rb
+++ b/tests/white-box/webapp.rb
@@ -1,57 +1,29 @@
-raise SkipTest unless $node["services"].include?("webapp")
+raise SkipTest unless service?(:webapp)
-require 'socket'
+require 'json'
class Webapp < LeapTest
depends_on "Network"
- HAPROXY_CONFIG = '/etc/haproxy/haproxy.cfg'
-
def setup
end
- #
- # example properties:
- #
- # stunnel:
- # couch_client:
- # couch1_5984:
- # accept_port: 4000
- # connect: couch1.bitmask.i
- # connect_port: 15984
- #
def test_01_Can_contact_couchdb?
- assert_property('stunnel.couch_client')
- $node['stunnel']['couch_client'].values.each do |stunnel_conf|
- assert port = stunnel_conf['accept_port'], 'Field `accept_port` must be present in `stunnel` property.'
- local_stunnel_url = "http://localhost:#{port}"
- remote_ip_address = TCPSocket.gethostbyname(stunnel_conf['connect']).last
- msg = "(stunnel to %s:%s, aka %s)" % [stunnel_conf['connect'], stunnel_conf['connect_port'], remote_ip_address]
- assert_get(local_stunnel_url, nil, error_msg: msg) do |body|
- assert_match /"couchdb":"Welcome"/, body, "Request to #{local_stunnel_url} should return couchdb welcome message."
- end
+ url = couchdb_url("", url_options)
+ assert_get(url) do |body|
+ assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message."
end
pass
end
- #
- # example properties:
- #
- # haproxy:
- # servers:
- # couch1:
- # backup: false
- # host: localhost
- # port: 4000
- # weight: 10
- #
- def test_02_Is_haproxy_working?
- port = file_match(HAPROXY_CONFIG, /^ bind localhost:(\d+)$/)
- url = "http://localhost:#{port}"
- assert_get(url) do |body|
- assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message."
+ def test_02_Can_contact_couchdb_via_haproxy?
+ if property('haproxy.couch')
+ url = couchdb_url_via_haproxy("", url_options)
+ assert_get(url) do |body|
+ assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message."
+ end
+ pass
end
- pass
end
def test_03_Are_daemons_running?
@@ -60,4 +32,94 @@ class Webapp < LeapTest
pass
end
+ #
+ # this is technically a black-box test. so, move this when we have support
+ # for black box tests.
+ #
+ def test_04_Can_access_webapp?
+ assert_get('https://' + $node['webapp']['domain'] + '/')
+ pass
+ end
+
+ def test_05_Can_create_and_authenticate_and_delete_user_via_API?
+ assert_tmp_user
+ pass
+ end
+
+ def test_06_Can_sync_Soledad?
+ soledad_config = property('definition_files.soledad_service')
+ if soledad_config && !soledad_config.empty?
+ soledad_server = pick_soledad_server(soledad_config)
+ if soledad_server
+ assert_tmp_user do |user|
+ assert_user_db_exists(user)
+ command = File.expand_path "../../helpers/soledad_sync.py", __FILE__
+ soledad_url = "https://#{soledad_server}/user-#{user.id}"
+ assert_run "#{command} #{user.id} #{user.session_token} #{soledad_url}"
+ pass
+ end
+ end
+ else
+ skip 'No soledad service configuration'
+ end
+ end
+
+ private
+
+ def url_options
+ {
+ :username => property('couchdb_webapp_user.username'),
+ :password => property('couchdb_webapp_user.password')
+ }
+ end
+
+ #
+ # pick a random soledad server.
+ # I am not sure why, but using IP address directly does not work.
+ #
+ def pick_soledad_server(soledad_config_json_str)
+ soledad_config = JSON.parse(soledad_config_json_str)
+ host_name = soledad_config['hosts'].keys.shuffle.first
+ if host_name
+ hostname = soledad_config['hosts'][host_name]['hostname']
+ port = soledad_config['hosts'][host_name]['port']
+ return "#{hostname}:#{port}"
+ else
+ return nil
+ end
+ end
+
+ #
+ # returns true if the per-user db created by tapicero exists.
+ # we try three times, and give up after that.
+ #
+ def assert_user_db_exists(user)
+ last_body, last_response, last_error = nil
+ 3.times do
+ sleep 0.1
+ get(couchdb_url("/user-#{user.id}/_design/docs")) do |body, response, error|
+ last_body, last_response, last_error = body, response, error
+ if response.code.to_i == 200
+ return
+ end
+ end
+ sleep 0.2
+ end
+ assert false, "Could not find user db for test user #{user.username}\nuuid=#{user.id}\nHTTP #{last_response.code} #{last_error} #{last_body}"
+ end
+
+ #
+ # I tried, but couldn't get this working:
+ # #
+ # # get an CSRF authenticity token
+ # #
+ # url = api_url("/")
+ # csrf_token = nil
+ # assert_get(url) do |body|
+ # lines = body.split("\n").grep(/csrf-token/)
+ # assert lines.any?, 'failed to find csrf-token'
+ # csrf_token = lines.first.split('"')[1]
+ # assert csrf_token, 'failed to find csrf-token'
+ # end
+
end