moved infrastructure tests run by `leap run` to tests/server-tests

7 files changed, 0 insertions, 748 deletions

diff --git a/tests/white-box/couchdb.rb b/tests/white-box/couchdb.rb
deleted file mode 100644
index 44a2769b..00000000
--- a/tests/white-box/couchdb.rb
+++ /dev/null
@@ -1,169 +0,0 @@
-raise SkipTest unless service?(:couchdb)
-
-require 'json'
-
-class CouchDB < LeapTest
-  depends_on "Network"
-
-  def setup
-  end
-
-  def test_00_Are_daemons_running?
-    assert_running 'bin/beam'
-    if multimaster?
-      assert_running 'bin/epmd'
-    end
-    pass
-  end
-
-  #
-  # check to make sure we can get welcome response from local couchdb
-  #
-  def test_01_Is_CouchDB_running?
-    assert_get(couchdb_url) do |body|
-      assert_match /"couchdb":"Welcome"/, body, "Could not get welcome message from #{couchdb_url}. Probably couchdb is not running."
-    end
-    pass
-  end
-
-  #
-  # all configured nodes are in 'cluster_nodes'
-  # all nodes online and communicating are in 'all_nodes'
-  #
-  # this seems backward to me, so it might be the other way around.
-  #
-  def test_03_Are_configured_nodes_online?
-    return unless multimaster?
-    url = couchdb_url("/_membership", :username => 'admin')
-    assert_get(url) do |body|
-      response = JSON.parse(body)
-      nodes_configured_but_not_available = response['cluster_nodes'] - response['all_nodes']
-      nodes_available_but_not_configured = response['all_nodes'] - response['cluster_nodes']
-      if nodes_configured_but_not_available.any?
-        warn "These nodes are configured but not available:", nodes_configured_but_not_available
-      end
-      if nodes_available_but_not_configured.any?
-        warn "These nodes are available but not configured:", nodes_available_but_not_configured
-      end
-      if response['cluster_nodes'] == response['all_nodes']
-        pass
-      end
-    end
-  end
-
-  def test_04_Do_ACL_users_exist?
-    acl_users = ['_design/_auth', 'leap_mx', 'nickserver', 'soledad', 'webapp', 'replication']
-    url = couchdb_backend_url("/_users/_all_docs", :username => 'admin')
-    assert_get(url) do |body|
-      response = JSON.parse(body)
-      assert_equal acl_users.count, response['total_rows']
-      actual_users = response['rows'].map{|row| row['id'].sub(/^org.couchdb.user:/, '') }
-      assert_equal acl_users.sort, actual_users.sort
-    end
-    pass
-  end
-
-  def test_05_Do_required_databases_exist?
-    dbs_that_should_exist = ["customers","identities","keycache","shared","tickets","users", "tmp_users"]
-    dbs_that_should_exist << "tokens_#{rotation_suffix}"
-    dbs_that_should_exist << "sessions_#{rotation_suffix}"
-    dbs_that_should_exist.each do |db_name|
-      url = couchdb_url("/"+db_name, :username => 'admin')
-      assert_get(url) do |body|
-        assert response = JSON.parse(body)
-        assert_equal db_name, response['db_name']
-      end
-    end
-    pass
-  end
-
-  # disable ACL enforcement, because it's a known issue with bigcouch
-  # and will only confuse the user
-  # see https://leap.se/code/issues/6030 for more details
-  #
-  ## for now, this just prints warnings, since we are failing these tests.
-  ##
-
-  #def test_06_Is_ACL_enforced?
-  #  ok = assert_auth_fail(
-  #    couchdb_url('/users/_all_docs', :username => 'leap_mx'),
-  #    {:limit => 1}
-  #  )
-  #  ok = assert_auth_fail(
-  #    couchdb_url('/users/_all_docs', :username => 'leap_mx'),
-  #    {:limit => 1}
-  #  ) && ok
-  #  pass if ok
-  #end
-
-  def test_07_Can_records_be_created?
-    record = DummyRecord.new
-    url = couchdb_url("/tokens_#{rotation_suffix}", :username => 'admin')
-    assert_post(url, record, :format => :json) do |body|
-      assert response = JSON.parse(body), "POST response should be JSON"
-      assert response["ok"], "POST response should be OK"
-      assert_delete(File.join(url, response["id"]), :rev => response["rev"]) do |body|
-        assert response = JSON.parse(body), "DELETE response should be JSON"
-        assert response["ok"], "DELETE response should be OK"
-      end
-    end
-    pass
-  end
-
-  #
-  # This is not really a "test", just an attempt to make sure that
-  # the mx tests that fire off dummy emails don't fill up the
-  # storage db.
-  #
-  # mx tests can't run this because they don't have access to
-  # the storage db.
-  #
-  # This "test" is responsible for both creating the db if it does not
-  # exist, and destroying if it does.
-  #
-  # Yes, this is super hacky. Properly, we should add something to
-  # the soledad api to support create/delete of user storage dbs.
-  #
-  def test_99_Delete_mail_storage_used_in_mx_tests
-    user = find_user_by_login(TEST_EMAIL_USER)
-    if user
-      if user_db_exists?(user["id"])
-        # keep the test email db from filling up:
-        assert_destroy_user_db(user["id"], :username => 'admin')
-      end
-      # either way, make sure we leave a db for the mx tests:
-      assert_create_user_db(user["id"], :username => 'admin')
-    end
-    silent_pass
-  end
-
-  private
-
-  def multimaster?
-    mode == "multimaster"
-  end
-
-  def mode
-    assert_property('couch.mode')
-  end
-
-  # TODO: admin port is hardcoded for now but should be configurable.
-  def couchdb_backend_url(path="", options={})
-    options = {port: multimaster? && "5986"}.merge options
-    couchdb_url(path, options)
-  end
-
-  def rotation_suffix
-    rotation_suffix = Time.now.utc.to_i / 2592000 # monthly
-  end
-
-  require 'securerandom'
-  require 'digest/sha2'
-  class DummyRecord < Hash
-    def initialize
-      self['data'] = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
-      self['_id'] = Digest::SHA512.hexdigest(self['data'])
-    end
-  end
-
-end
diff --git a/tests/white-box/dummy.rb b/tests/white-box/dummy.rb
deleted file mode 100644
index a3e8ad68..00000000
--- a/tests/white-box/dummy.rb
+++ /dev/null
@@ -1,71 +0,0 @@
-# only run in the dummy case where there is no hiera.yaml file.
-raise SkipTest unless $node["dummy"]
-
-class Robot
-  def can_shoot_lasers?
-    "OHAI!"
-  end
-
-  def can_fly?
-    "YES!"
-  end
-end
-
-class TestDummy < LeapTest
-  def setup
-    @robot = Robot.new
-  end
-
-  def test_lasers
-    assert_equal "OHAI!", @robot.can_shoot_lasers?
-    pass
-  end
-
-  def test_fly
-    refute_match /^no/i, @robot.can_fly?
-    pass
-  end
-
-  def test_fail
-    fail "fail"
-    pass
-  end
-
-  def test_01_will_be_skipped
-    skip "test this later"
-    pass
-  end
-
-  def test_socket_failure
-    assert_tcp_socket('localhost', 900000)
-    pass
-  end
-
-  def test_warn
-    block_test do
-      warn "not everything", "is a success or failure"
-    end
-  end
-
-  # used to test extracting the proper caller even when in a block
-  def block_test
-    yield
-  end
-
-  def test_socket_success
-    fork {
-      Socket.tcp_server_loop('localhost', 12345) do |sock, client_addrinfo|
-        begin
-          sock.write('hi')
-        ensure
-          sock.close
-          exit
-        end
-      end
-    }
-    sleep 0.2
-    assert_tcp_socket('localhost', 12345)
-    pass
-  end
-
-end
diff --git a/tests/white-box/mx.rb b/tests/white-box/mx.rb
deleted file mode 100644
index 0eeaacd0..00000000
--- a/tests/white-box/mx.rb
+++ /dev/null
@@ -1,271 +0,0 @@
-raise SkipTest unless service?(:mx)
-
-require 'date'
-require 'json'
-require 'net/smtp'
-
-class Mx < LeapTest
-  depends_on "Network"
-  depends_on "Webapp" if service?(:webapp)
-
-  def setup
-  end
-
-  def test_01_Can_contact_couchdb?
-    dbs = ["identities"]
-    dbs.each do |db_name|
-      couchdb_urls("/"+db_name, couch_url_options).each do |url|
-        assert_get(url) do |body|
-          assert response = JSON.parse(body)
-          assert_equal db_name, response['db_name']
-        end
-      end
-    end
-    pass
-  end
-
-  def test_02_Can_contact_couchdb_via_haproxy?
-    if property('haproxy.couch')
-      url = couchdb_url_via_haproxy("", couch_url_options)
-      assert_get(url) do |body|
-        assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message."
-      end
-      pass
-    end
-  end
-
-  #
-  # this test picks a random identity document, then queries
-  # using the by_address view for that same document again.
-  #
-  def test_03_Can_query_identities_db?
-    ident = pick_random_identity
-    address = ident['address']
-    url_base = %(/identities/_design/Identity/_view/by_address)
-    params = %(?include_docs=true&reduce=false&startkey="#{address}"&endkey="#{address}")
-    assert_get(couchdb_url(url_base+params, couch_url_options)) do |body|
-      assert response = JSON.parse(body)
-      assert record = response['rows'].first
-      assert_equal address, record['doc']['address']
-      pass
-    end
-  end
-
-  def test_04_Are_MX_daemons_running?
-    assert_running '.*/usr/bin/twistd.*mx.tac'
-    assert_running '^/usr/lib/postfix/master$'
-    assert_running '^/usr/sbin/postfwd'
-    assert_running 'postfwd2::cache$'
-    assert_running 'postfwd2::policy$'
-    assert_running '^/usr/sbin/unbound$'
-    assert_running '^/usr/bin/freshclam'
-    assert_running '^/usr/sbin/opendkim'
-    if Dir.glob("/var/lib/clamav/main.{c[vl]d,inc}").size > 0 and Dir.glob("/var/lib/clamav/daily.{c[vl]d,inc}").size > 0
-      assert_running '^/usr/sbin/clamd'
-      assert_running '^/usr/sbin/clamav-milter'
-      pass
-    else
-      skip "Downloading the clamav signature files (/var/lib/clamav/{daily,main}.{c[vl]d,inc}) is still in progress, so clamd is not running."
-    end
-  end
-
-  #
-  # TODO: test to make sure postmap returned the right result
-  #
-  def test_05_Can_postfix_query_leapmx?
-    ident = pick_random_identity(10, :with_public_key => true)
-    address = ident["address"]
-
-    #
-    # virtual alias map:
-    #
-    #   user@domain => 41c29a80a44f4775513c64ac9cab91b9@deliver.local
-    #
-    assert_run("postmap -v -q \"#{address}\" tcp:localhost:4242")
-
-    #
-    # recipient access map:
-    #
-    #   user@domain => [OK|REJECT|TEMP_FAIL]
-    #
-    # This map is queried by the mail server before delivery to the mail spool
-    # directory, and should check if the address is able to receive messages.
-    # Examples of reasons for denying delivery would be that the user is out of
-    # quota, is user, or have no pgp public key in the server.
-    #
-    # NOTE: in the future, when we support quota, we need to make sure that
-    # we don't randomly pick a user for this test that happens to be over quota.
-    #
-    assert_run("postmap -v -q \"#{address}\" tcp:localhost:2244")
-
-    #
-    # certificate validity map:
-    #
-    #  fa:2a:70:1f:d8:16:4e:1a:3b:15:c1:67:00:f0 => [200|500]
-    #
-    # Determines whether a particular SMTP client cert is authorized
-    # to relay mail, based on the fingerprint.
-    #
-    if ident["cert_fingerprints"]
-      not_expired = ident["cert_fingerprints"].select {|key, value|
-        Time.now.utc < DateTime.strptime("2016-01-03", "%F").to_time.utc
-      }
-      if not_expired.any?
-        fingerprint = not_expired.first
-        assert_run("postmap -v -q #{fingerprint} tcp:localhost:2424")
-      end
-    end
-
-    pass
-  end
-
-  #
-  # The email sent by this test might get bounced back.
-  # In this case, the test will pass, but the bounce message will
-  # get sent to root, so the sysadmin will still figure out pretty
-  # quickly that something is wrong.
-  #
-  def test_05_Can_deliver_email?
-    if pgrep('^/usr/sbin/clamd').empty? || pgrep('^/usr/sbin/clamav-milter').empty?
-      skip "Mail delivery is being deferred because clamav daemon is not running"
-    else
-      addr = [TEST_EMAIL_USER, property('domain.full_suffix')].join('@')
-      bad_addr = [TEST_BAD_USER, property('domain.full_suffix')].join('@')
-
-      assert !identity_exists?(bad_addr), "the address #{bad_addr} must not exist."
-      if !identity_exists?(addr)
-        user = assert_create_user(TEST_EMAIL_USER, :monitor)
-        upload_public_key(user.id, TEST_EMAIL_PUBLIC_KEY)
-      end
-      assert identity_exists?(addr), "The identity #{addr} should have been created, but it doesn't exist yet."
-      assert_send_email(addr)
-      assert_raises(Net::SMTPError) do
-        send_email(bad_addr)
-      end
-      pass
-    end
-  end
-
-  private
-
-  def couch_url_options
-    {
-      :username => property('couchdb_leap_mx_user.username'),
-      :password => property('couchdb_leap_mx_user.password')
-    }
-  end
-
-  #
-  # returns a random identity record that also has valid address
-  # and destination fields.
-  #
-  # options:
-  #
-  # * :with_public_key -- searches only for identities with public keys
-  #
-  # note to self: for debugging, here is the curl you want:
-  # curl --netrc "127.0.0.1:5984/identities/_design/Identity/_view/by_address?startkey=\"xxxx@leap.se\"&endkey=\"xxxx@leap.se\"&reduce=false&include_docs=true"
-  #
-  def pick_random_identity(tries=5, options={})
-    assert_get(couchdb_url("/identities", couch_url_options)) do |body|
-      assert response = JSON.parse(body)
-      doc_count = response['doc_count'].to_i
-      if doc_count <= 1
-        # the design document counts as one document.
-        skip "There are no identity documents yet."
-      else
-        # try repeatedly to get a valid doc
-        for i in 1..tries
-          offset    = rand(doc_count) # pick a random document
-          url = couchdb_url("/identities/_all_docs?include_docs=true&limit=1&skip=#{offset}", couch_url_options)
-          assert_get(url) do |body|
-            assert response = JSON.parse(body)
-            record = response['rows'].first
-            if record['id'] =~ /_design/
-              next
-            elsif record['doc'] && record['doc']['address']
-              next if record['doc']['destination'].nil? || record['doc']['destination'].empty?
-              next if options[:with_public_key] && !record_has_key?(record)
-              return record['doc']
-            else
-              fail "Identity document #{record['id']} is missing an address field. #{record['doc'].inspect}"
-            end
-          end
-        end
-        if options[:with_public_key]
-          skip "Could not find an Identity document with a public key for testing."
-        else
-          fail "Failed to find a valid Identity document (with address and destination)."
-        end
-      end
-    end
-  end
-
-  def record_has_key?(record)
-    !record['doc']['keys'].nil? &&
-    !record['doc']['keys'].empty? &&
-    !record['doc']['keys']['pgp'].nil? &&
-    !record['doc']['keys']['pgp'].empty?
-  end
-
-  TEST_EMAIL_PUBLIC_KEY=<<HERE
------BEGIN PGP PUBLIC KEY BLOCK-----
-mI0EVvzIKQEEAN4f8FOGntJGTTD+fFUQS6y/ihn6tYLtyGZZbCOd0t/9kHt/raoR
-xEUks8rCOPMqHX+yeHsvDBtDyZYTvyhtfuWrBUbYGW+QZ4Pdvo+7NyLHPW0dKsCB
-Czrx7pxqpq1oq+LpUFqpSfjJTfYaGVDNXrPK144a7Rox2+MCbgq3twnFABEBAAG0
-EiA8dGVzdF91c2VyX2VtYWlsPoi4BBMBAgAiBQJW/MgpAhsvBgsJCAcDAgYVCAIJ
-CgsEFgIDAQIeAQIXgAAKCRAqYf65XmeSk0orBADUXjEiGnjzyBpXqaiVmJr4MyfP
-IfKTK4a+4qvR+2fseD7hteF98m26i1YRI5omLp4/MnxGSpgKFKIuWIdkEiLg7IJc
-pFZVdoDVufEtzbj9gmOHlnteksbCtuESyB0Hytsba4uS9afcTJdGiPNMHeniI/SY
-UKcCcIrQmpNIoOA5OLiNBFb8yCkBBAC+WMUQ+FC6GQ+pyaWlwTRsBAT4+Tp8w9jD
-7PK4xeEmVZDirP0VkW18UeQEueWJ63ia7wIGf1WyVH1tbvgVyRLsjT2cpKo8c6Ok
-NkhfGfjTnUJPeBNy8734UDIdqZLXJl0z6Z1R0CfOjBqvV25kWUvMkz/NEgZBhE+c
-m3JuZy1k7QARAQABiQE9BBgBAgAJBQJW/MgpAhsuAKgJECph/rleZ5KTnSAEGQEC
-AAYFAlb8yCkACgkQsJSYitQUOv4w1wQAn3atI5EsmRyw6iC6UVWWJv/lKi1Priyt
-DsrdH5xUmHUgp6VU8Pw9Y6G+sv50KLfbVQ1l+8/3B71TjadsOxh+PBPsEyYpK6WX
-TVGy44IDvFWGyOod8tmfcFN9IpU5DmSk/vny9G7RK/nbnta2VnfZOzwm5i3cNkPr
-FGPL1z0K3qs0VwP+M7BXdqBRSFDDBpG1J0TrZioEjvKeOsT/Ul8mbVt7HQpcN93I
-wTO4uky0Woy2nb7SbTQw6wOpU54u7+5dSQ03ltUHg1owy6Y3CMOeFL+e9ALpAZAU
-aMwY7zMFhqlPVZZMfdMLRsdLin67RIM+OJ6A925AM52bEQT1YwkQlP4mvQY=
-=qclE
------END PGP PUBLIC KEY BLOCK-----
-HERE
-
-  TEST_EMAIL_PRIVATE_KEY = <<HERE
------BEGIN PGP PRIVATE KEY BLOCK-----
-lQHYBFb8yCkBBADeH/BThp7SRk0w/nxVEEusv4oZ+rWC7chmWWwjndLf/ZB7f62q
-EcRFJLPKwjjzKh1/snh7LwwbQ8mWE78obX7lqwVG2BlvkGeD3b6Puzcixz1tHSrA
-gQs68e6caqataKvi6VBaqUn4yU32GhlQzV6zyteOGu0aMdvjAm4Kt7cJxQARAQAB
-AAP8DTFfcE6UG1AioJDU6KZ9oCaGONHLuxmNaArSofDrR/ODA9rLAUlp22N5LEdJ
-46NyOhXrEwHx2aK2k+vbVDbgrP4ZTH7GxIK/2KzmH4zX0fWUNsaRy94Q12lJegXH
-sH2Im8Jjxu16YwGgFNTX1fCPqLB6WdQpf1796s6+/3PnCDcCAOXTCul3N7V5Yl+9
-N2Anupn+qNDXKT/kiKIZLHsMbo7EriGWReG3lLj1cOJPC6Nf0uOEri4ErSjFEadR
-F2TNITsCAPdsZjc5RGppUXyBfxhQkAnZ0r+UT2meCH3g3EVh3W9SBrXNhwipNpW3
-bPzRjUCDtmA8EOvd93oPCZv4/tb50P8B/jC+QIZ3GncP1CFPSVDoIZ7OUU5M1330
-DP77vG1GxeQvYO/hlxL5/KdtTR6m5zlIuooDxUaNJz1w5/oVjlG3NZKpl7QSIDx0
-ZXN0X3VzZXJfZW1haWw+iLgEEwECACIFAlb8yCkCGy8GCwkIBwMCBhUIAgkKCwQW
-AgMBAh4BAheAAAoJECph/rleZ5KTSisEANReMSIaePPIGlepqJWYmvgzJ88h8pMr
-hr7iq9H7Z+x4PuG14X3ybbqLVhEjmiYunj8yfEZKmAoUoi5Yh2QSIuDsglykVlV2
-gNW58S3NuP2CY4eWe16SxsK24RLIHQfK2xtri5L1p9xMl0aI80wd6eIj9JhQpwJw
-itCak0ig4Dk4nQHYBFb8yCkBBAC+WMUQ+FC6GQ+pyaWlwTRsBAT4+Tp8w9jD7PK4
-xeEmVZDirP0VkW18UeQEueWJ63ia7wIGf1WyVH1tbvgVyRLsjT2cpKo8c6OkNkhf
-GfjTnUJPeBNy8734UDIdqZLXJl0z6Z1R0CfOjBqvV25kWUvMkz/NEgZBhE+cm3Ju
-Zy1k7QARAQABAAP9HrUaGvdpqTwVx3cHyXUhId6GzCuuKyaP4mZoGeBCcaQS2vQR
-YtiykwBwX/AlfwSFJmmHKB6EErWIA+QyaEFR/fO56cHD2TY3Ql0BGcuHIx3+9pkp
-biPBZdiiGz7oa6k6GWsbKSksqwV8poSXV7qbn+Bjm2xCM4VnjNZIrFtL7fkCAMOf
-e9yHBFoXfc175bkNXEUXrNS34kv2ODAlx6KyY+PS77D+nprpHpGCnLn77G+xH1Xi
-qvX1Dr/iSQU5Tzsd+tcCAPkYZulaC/9itwme7wIT3ur+mdqMHymsCzv9193iLgjJ
-9t7fARo18yB845hI9Xv7TwRcoyuSpfvuM05rCMRzydsCAOI1MZeKtZSogXVa9QTX
-sVGZeCkrujSVOgsA3w48OLc2OrwZskDfx5QHfeJnumjQLut5qsnZ+1onj9P2dGdn
-JaChe4kBPQQYAQIACQUCVvzIKQIbLgCoCRAqYf65XmeSk50gBBkBAgAGBQJW/Mgp
-AAoJELCUmIrUFDr+MNcEAJ92rSORLJkcsOogulFVlib/5SotT64srQ7K3R+cVJh1
-IKelVPD8PWOhvrL+dCi321UNZfvP9we9U42nbDsYfjwT7BMmKSull01RsuOCA7xV
-hsjqHfLZn3BTfSKVOQ5kpP758vRu0Sv5257WtlZ32Ts8JuYt3DZD6xRjy9c9Ct6r
-NFcD/jOwV3agUUhQwwaRtSdE62YqBI7ynjrE/1JfJm1bex0KXDfdyMEzuLpMtFqM
-tp2+0m00MOsDqVOeLu/uXUkNN5bVB4NaMMumNwjDnhS/nvQC6QGQFGjMGO8zBYap
-T1WWTH3TC0bHS4p+u0SDPjiegPduQDOdmxEE9WMJEJT+Jr0G
-=hvJM
------END PGP PRIVATE KEY BLOCK-----
-HERE
-
-end
diff --git a/tests/white-box/network.rb b/tests/white-box/network.rb
deleted file mode 100644
index a08cdfbe..00000000
--- a/tests/white-box/network.rb
+++ /dev/null
@@ -1,90 +0,0 @@
-require 'socket'
-require 'openssl'
-
-raise SkipTest if $node["dummy"]
-
-class Network < LeapTest
-
-  def setup
-  end
-
-  def test_01_Can_connect_to_internet?
-    assert_get('http://www.google.com/images/srpr/logo11w.png')
-    pass
-  end
-
-  #
-  # example properties:
-  #
-  # stunnel:
-  #   ednp_clients:
-  #     elk_9002:
-  #       accept_port: 4003
-  #       connect: elk.dev.bitmask.i
-  #       connect_port: 19002
-  #   couch_server:
-  #     accept: 15984
-  #     connect: "127.0.0.1:5984"
-  #
-  def test_02_Is_stunnel_running?
-    ignore unless $node['stunnel']
-    good_stunnel_pids = []
-    release = `facter lsbmajdistrelease`
-    if release.to_i > 7
-      # on jessie, there is only one stunnel proc running instead of 6
-      expected = 1
-    else
-      expected = 6
-    end
-    $node['stunnel']['clients'].each do |stunnel_type, stunnel_configs|
-      stunnel_configs.each do |stunnel_name, stunnel_conf|
-        config_file_name = "/etc/stunnel/#{stunnel_name}.conf"
-        processes = pgrep(config_file_name)
-        assert_equal expected, processes.length, "There should be #{expected} stunnel processes running for `#{config_file_name}`"
-        good_stunnel_pids += processes.map{|ps| ps[:pid]}
-        assert port = stunnel_conf['accept_port'], 'Field `accept_port` must be present in `stunnel` property.'
-        assert_tcp_socket('localhost', port)
-      end
-    end
-    $node['stunnel']['servers'].each do |stunnel_name, stunnel_conf|
-      config_file_name = "/etc/stunnel/#{stunnel_name}.conf"
-      processes = pgrep(config_file_name)
-      assert_equal expected, processes.length, "There should be #{expected} stunnel processes running for `#{config_file_name}`"
-      good_stunnel_pids += processes.map{|ps| ps[:pid]}
-      assert accept_port = stunnel_conf['accept_port'], "Field `accept` must be present in property `stunnel.servers.#{stunnel_name}`"
-      assert_tcp_socket('localhost', accept_port)
-      assert connect_port = stunnel_conf['connect_port'], "Field `connect` must be present in property `stunnel.servers.#{stunnel_name}`"
-      assert_tcp_socket('localhost', connect_port,
-        "The local connect endpoint for stunnel `#{stunnel_name}` is unavailable.\n"+
-        "This is probably caused by a daemon that died or failed to start on\n"+
-        "port `#{connect_port}`, not stunnel itself.")
-    end
-    all_stunnel_pids = pgrep('/usr/bin/stunnel').collect{|process| process[:pid]}.uniq
-    assert_equal good_stunnel_pids.sort, all_stunnel_pids.sort, "There should not be any extra stunnel processes that are not configured in /etc/stunnel"
-    pass
-  end
-
-  def test_03_Is_shorewall_running?
-    ignore unless File.exist?('/sbin/shorewall')
-    assert_run('/sbin/shorewall status')
-    pass
-  end
-
-  THIRTY_DAYS = 60*60*24*30
-
-  def test_04_Are_server_certificates_valid?
-    cert_paths = ["/etc/x509/certs/leap_commercial.crt", "/etc/x509/certs/leap.crt"]
-    cert_paths.each do |cert_path|
-      if File.exist?(cert_path)
-        cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
-        if Time.now > cert.not_after
-          fail "The certificate #{cert_path} expired on #{cert.not_after}"
-        elsif Time.now + THIRTY_DAYS > cert.not_after
-          fail "The certificate #{cert_path} will expire soon, on #{cert.not_after}"
-        end
-      end
-    end
-    pass
-  end
-
-end
diff --git a/tests/white-box/openvpn.rb b/tests/white-box/openvpn.rb
deleted file mode 100644
index 170d4503..00000000
--- a/tests/white-box/openvpn.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-raise SkipTest unless service?(:openvpn)
-
-class OpenVPN < LeapTest
-  depends_on "Network"
-
-  def setup
-  end
-
-  def test_01_Are_daemons_running?
-    assert_running '^/usr/sbin/openvpn .* /etc/openvpn/tcp_config.conf$'
-    assert_running '^/usr/sbin/openvpn .* /etc/openvpn/udp_config.conf$'
-    assert_running '^/usr/sbin/unbound$'
-    pass
-  end
-
-end
diff --git a/tests/white-box/soledad.rb b/tests/white-box/soledad.rb
deleted file mode 100644
index d41bee58..00000000
--- a/tests/white-box/soledad.rb
+++ /dev/null
@@ -1,17 +0,0 @@
-raise SkipTest unless service?(:soledad)
-
-require 'json'
-
-class Soledad < LeapTest
-  depends_on "Network"
-  depends_on "CouchDB" if service?(:couchdb)
-
-  def setup
-  end
-
-  def test_00_Is_Soledad_running?
-    assert_running '.*/usr/bin/twistd.*--wsgi=leap.soledad.server.application'
-    pass
-  end
-
-end
diff --git a/tests/white-box/webapp.rb b/tests/white-box/webapp.rb
deleted file mode 100644
index 40c234d6..00000000
--- a/tests/white-box/webapp.rb
+++ /dev/null
@@ -1,114 +0,0 @@
-raise SkipTest unless service?(:webapp)
-
-require 'json'
-
-class Webapp < LeapTest
-  depends_on "Network"
-
-  def setup
-  end
-
-  def test_01_Can_contact_couchdb?
-    url = couchdb_url("", url_options)
-    assert_get(url) do |body|
-      assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message."
-    end
-    pass
-  end
-
-  def test_02_Can_contact_couchdb_via_haproxy?
-    if property('haproxy.couch')
-      url = couchdb_url_via_haproxy("", url_options)
-      assert_get(url) do |body|
-        assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message."
-      end
-      pass
-    end
-  end
-
-  def test_03_Are_daemons_running?
-    assert_running '^/usr/sbin/apache2'
-    assert_running '^/usr/bin/ruby /usr/bin/nickserver'
-    pass
-  end
-
-  #
-  # this is technically a black-box test. so, move this when we have support
-  # for black box tests.
-  #
-  def test_04_Can_access_webapp?
-    assert_get('https://' + $node['webapp']['domain'] + '/')
-    pass
-  end
-
-  def test_05_Can_create_and_authenticate_and_delete_user_via_API?
-    if property('webapp.allow_registration')
-      assert_tmp_user
-      pass
-    else
-      skip "New user registrations are disabled."
-    end
-  end
-
-  def test_06_Can_sync_Soledad?
-    return unless property('webapp.allow_registration')
-    soledad_config = property('definition_files.soledad_service')
-    if soledad_config && !soledad_config.empty?
-      soledad_server = pick_soledad_server(soledad_config)
-      if soledad_server
-        assert_tmp_user do |user|
-          command = File.expand_path "../../helpers/soledad_sync.py", __FILE__
-          soledad_url = "https://#{soledad_server}/user-#{user.id}"
-          soledad_cert = "/usr/local/share/ca-certificates/leap_ca.crt"
-          assert_run "#{command} #{user.id} #{user.session_token} #{soledad_url} #{soledad_cert} #{user.password}"
-          assert_user_db_privileges(user)
-          pass
-        end
-      end
-    else
-      skip 'No soledad service configuration'
-    end
-  end
-
-  private
-
-  def url_options
-    {
-      :username => property('webapp.couchdb_webapp_user.username'),
-      :password => property('webapp.couchdb_webapp_user.password')
-    }
-  end
-
-  #
-  # pick a random soledad server.
-  # I am not sure why, but using IP address directly does not work.
-  #
-  def pick_soledad_server(soledad_config_json_str)
-    soledad_config = JSON.parse(soledad_config_json_str)
-    host_name = soledad_config['hosts'].keys.shuffle.first
-    if host_name
-      hostname = soledad_config['hosts'][host_name]['hostname']
-      port = soledad_config['hosts'][host_name]['port']
-      return "#{hostname}:#{port}"
-    else
-      return nil
-    end
-  end
-
-  #
-  # checks if user db exists and is properly protected
-  #
-  def assert_user_db_privileges(user)
-    db_name = "/user-#{user.id}"
-    get(couchdb_url(db_name)) do |body, response, error|
-      code = response.code.to_i
-      assert code != 404, "Could not find user db `#{db_name}` for test user `#{user.username}`\nuuid=#{user.id}\nHTTP #{response.code} #{error} #{body}"
-      # After moving to couchdb, webapp user is not allowed to Read user dbs,
-      # but the return code for non-existent databases is 404. See #7674
-      # 401 should come as we aren't supposed to have read privileges on it.
-      assert code != 200, "Incorrect security settings (design doc) on user db `#{db_name}` for test user `#{user.username}`\nuuid=#{user.id}\nHTTP #{response.code} #{error} #{body}"
-      assert code == 401, "Unknown error on user db on user db `#{db_name}` for test user `#{user.username}`\nuuid=#{user.id}\nHTTP #{response.code} #{error} #{body}"
-    end
-  end
-
-end