summaryrefslogtreecommitdiff
path: root/tests/white-box
diff options
context:
space:
mode:
Diffstat (limited to 'tests/white-box')
-rw-r--r--tests/white-box/couchdb.rb60
-rw-r--r--tests/white-box/mx.rb50
-rw-r--r--tests/white-box/openvpn.rb4
-rw-r--r--tests/white-box/soledad.rb17
-rw-r--r--tests/white-box/webapp.rb143
5 files changed, 203 insertions, 71 deletions
diff --git a/tests/white-box/couchdb.rb b/tests/white-box/couchdb.rb
index a5adb2bf..2788f4f7 100644
--- a/tests/white-box/couchdb.rb
+++ b/tests/white-box/couchdb.rb
@@ -1,4 +1,4 @@
-raise SkipTest unless $node["services"].include?("couchdb")
+raise SkipTest unless service?(:couchdb)
require 'json'
@@ -52,7 +52,7 @@ class CouchDB < LeapTest
#
def test_03_Are_configured_nodes_online?
return unless multimaster?
- url = couchdb_url("/_membership", :user => 'admin')
+ url = couchdb_url("/_membership", :username => 'admin')
assert_get(url) do |body|
response = JSON.parse(body)
nodes_configured_but_not_available = response['cluster_nodes'] - response['all_nodes']
@@ -71,7 +71,7 @@ class CouchDB < LeapTest
def test_04_Do_ACL_users_exist?
acl_users = ['_design/_auth', 'leap_mx', 'nickserver', 'soledad', 'tapicero', 'webapp', 'replication']
- url = couchdb_backend_url("/_users/_all_docs", :user => 'admin')
+ url = couchdb_backend_url("/_users/_all_docs", :username => 'admin')
assert_get(url) do |body|
response = JSON.parse(body)
assert_equal acl_users.count, response['total_rows']
@@ -84,7 +84,7 @@ class CouchDB < LeapTest
def test_05_Do_required_databases_exist?
dbs_that_should_exist = ["customers","identities","keycache","sessions","shared","tickets","tokens","users"]
dbs_that_should_exist.each do |db_name|
- url = couchdb_url("/"+db_name, :user => 'admin')
+ url = couchdb_url("/"+db_name, :username => 'admin')
assert_get(url) do |body|
assert response = JSON.parse(body)
assert_equal db_name, response['db_name']
@@ -102,50 +102,54 @@ class CouchDB < LeapTest
#def test_06_Is_ACL_enforced?
# ok = assert_auth_fail(
- # couchdb_url('/users/_all_docs', :user => 'leap_mx'),
+ # couchdb_url('/users/_all_docs', :username => 'leap_mx'),
# {:limit => 1}
# )
# ok = assert_auth_fail(
- # couchdb_url('/users/_all_docs', :user => 'leap_mx'),
+ # couchdb_url('/users/_all_docs', :username => 'leap_mx'),
# {:limit => 1}
# ) && ok
# pass if ok
#end
- def test_07_What?
+ def test_07_Can_records_be_created?
+ token = Token.new
+ url = couchdb_url("/tokens", :username => 'admin')
+ assert_post(url, token, :format => :json) do |body|
+ assert response = JSON.parse(body), "POST response should be JSON"
+ assert response["ok"], "POST response should be OK"
+ assert_delete(File.join(url, response["id"]), :rev => response["rev"]) do |body|
+ assert response = JSON.parse(body), "DELETE response should be JSON"
+ assert response["ok"], "DELETE response should be OK"
+ end
+ end
pass
end
private
- def couchdb_url(path="", options=nil)
- options||={}
- @port ||= begin
- assert_property 'couch.port'
- $node['couch']['port']
- end
- url = 'http://'
- if options[:user]
- assert_property 'couch.users.' + options[:user]
- password = $node['couch']['users'][options[:user]]['password']
- url += "%s:%s@" % [options[:user], password]
- end
- url += "localhost:#{options[:port] || @port}#{path}"
- url
+ def multimaster?
+ mode == "multimaster"
end
+ def mode
+ assert_property('couch.mode')
+ end
+
+ # TODO: admin port is hardcoded for now but should be configurable.
def couchdb_backend_url(path="", options={})
- # TODO: admin port is hardcoded for now but should be configurable.
options = {port: multimaster? && "5986"}.merge options
couchdb_url(path, options)
end
- def multimaster?
- mode == "multimaster"
- end
-
- def mode
- assert_property('couch.mode')
+ require 'securerandom'
+ require 'digest/sha2'
+ class Token < Hash
+ def initialize
+ self['token'] = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
+ self['_id'] = Digest::SHA512.hexdigest(self['token'])
+ self['last_seen_at'] = Time.now
+ end
end
end
diff --git a/tests/white-box/mx.rb b/tests/white-box/mx.rb
new file mode 100644
index 00000000..794a9a41
--- /dev/null
+++ b/tests/white-box/mx.rb
@@ -0,0 +1,50 @@
+raise SkipTest unless service?(:mx)
+
+require 'json'
+
+class Mx < LeapTest
+ depends_on "Network"
+
+ def setup
+ end
+
+ def test_01_Can_contact_couchdb?
+ dbs = ["identities"]
+ dbs.each do |db_name|
+ couchdb_urls("/"+db_name, url_options).each do |url|
+ assert_get(url) do |body|
+ assert response = JSON.parse(body)
+ assert_equal db_name, response['db_name']
+ end
+ end
+ end
+ pass
+ end
+
+ def test_02_Can_contact_couchdb_via_haproxy?
+ if property('haproxy.couch')
+ url = couchdb_url_via_haproxy("", url_options)
+ assert_get(url) do |body|
+ assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message."
+ end
+ pass
+ end
+ end
+
+ def test_03_Are_MX_daemons_running?
+ assert_running 'leap_mx'
+ assert_running '/usr/lib/postfix/master'
+ assert_running '/usr/sbin/unbound'
+ pass
+ end
+
+ private
+
+ def url_options
+ {
+ :username => property('couchdb_leap_mx_user.username'),
+ :password => property('couchdb_leap_mx_user.password')
+ }
+ end
+
+end
diff --git a/tests/white-box/openvpn.rb b/tests/white-box/openvpn.rb
index 5eb2bdb5..23a40426 100644
--- a/tests/white-box/openvpn.rb
+++ b/tests/white-box/openvpn.rb
@@ -1,6 +1,6 @@
-raise SkipTest unless $node["services"].include?("openvpn")
+raise SkipTest unless service?(:openvpn)
-class Openvpn < LeapTest
+class OpenVPN < LeapTest
depends_on "Network"
def setup
diff --git a/tests/white-box/soledad.rb b/tests/white-box/soledad.rb
new file mode 100644
index 00000000..5a13e4a6
--- /dev/null
+++ b/tests/white-box/soledad.rb
@@ -0,0 +1,17 @@
+raise SkipTest unless service?(:soledad)
+
+require 'json'
+
+class Soledad < LeapTest
+ depends_on "Network"
+ depends_on "CouchDB" if service?(:couchdb)
+
+ def setup
+ end
+
+ def test_00_Is_Soledad_running?
+ assert_running 'soledad'
+ pass
+ end
+
+end
diff --git a/tests/white-box/webapp.rb b/tests/white-box/webapp.rb
index 7df57fd7..2aa87403 100644
--- a/tests/white-box/webapp.rb
+++ b/tests/white-box/webapp.rb
@@ -1,58 +1,29 @@
-raise SkipTest unless $node["services"].include?("webapp")
+raise SkipTest unless service?(:webapp)
-require 'socket'
+require 'json'
class Webapp < LeapTest
depends_on "Network"
- HAPROXY_CONFIG = '/etc/haproxy/haproxy.cfg'
-
def setup
end
- #
- # example properties:
- #
- # stunnel:
- # clients:
- # couch_client:
- # couch1_5984:
- # accept_port: 4000
- # connect: couch1.bitmask.i
- # connect_port: 15984
- #
def test_01_Can_contact_couchdb?
- assert_property('stunnel.clients.couch_client')
- $node['stunnel']['clients']['couch_client'].values.each do |stunnel_conf|
- assert port = stunnel_conf['accept_port'], 'Field `accept_port` must be present in `stunnel` property.'
- local_stunnel_url = "http://localhost:#{port}"
- remote_ip_address = TCPSocket.gethostbyname(stunnel_conf['connect']).last
- msg = "(stunnel to %s:%s, aka %s)" % [stunnel_conf['connect'], stunnel_conf['connect_port'], remote_ip_address]
- assert_get(local_stunnel_url, nil, error_msg: msg) do |body|
- assert_match /"couchdb":"Welcome"/, body, "Request to #{local_stunnel_url} should return couchdb welcome message."
- end
+ url = couchdb_url("", url_options)
+ assert_get(url) do |body|
+ assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message."
end
pass
end
- #
- # example properties:
- #
- # haproxy:
- # servers:
- # couch1:
- # backup: false
- # host: localhost
- # port: 4000
- # weight: 10
- #
- def test_02_Is_haproxy_working?
- port = file_match(HAPROXY_CONFIG, /^ bind localhost:(\d+)$/)
- url = "http://localhost:#{port}"
- assert_get(url) do |body|
- assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message."
+ def test_02_Can_contact_couchdb_via_haproxy?
+ if property('haproxy.couch')
+ url = couchdb_url_via_haproxy("", url_options)
+ assert_get(url) do |body|
+ assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message."
+ end
+ pass
end
- pass
end
def test_03_Are_daemons_running?
@@ -70,4 +41,94 @@ class Webapp < LeapTest
pass
end
+ def test_05_Can_create_user?
+ @@user = nil
+ user = SRP::User.new
+ url = api_url("/1/users.json")
+ assert_post(url, user.to_params) do |body|
+ assert response = JSON.parse(body), 'response should be JSON'
+ assert response['ok'], 'creating a user should be successful'
+ end
+ @@user = user
+ pass
+ end
+
+ def test_06_Can_authenticate?
+ @@user_id = nil
+ @@session_token = nil
+ if @@user.nil?
+ skip "Depends on user creation"
+ else
+ url = api_url("/1/sessions.json")
+ session = SRP::Session.new(@@user)
+ params = {'login' => @@user.username, 'A' => session.aa}
+ assert_post(url, params) do |response, body|
+ cookie = response['Set-Cookie'].split(';').first
+ assert(response = JSON.parse(body), 'response should be JSON')
+ assert(bb = response["B"])
+ session.bb = bb
+ url = api_url("/1/sessions/login.json")
+ params = {'client_auth' => session.m, 'A' => session.aa}
+ options = {:headers => {'Cookie' => cookie}}
+ assert_put(url, params, options) do |body|
+ assert(response = JSON.parse(body), 'response should be JSON')
+ assert(response['M2'], 'response should include M2')
+ assert(@@session_token = response['token'], 'response should include token')
+ assert(@@user_id = response['id'], 'response should include user id')
+ end
+ end
+ pass
+ end
+ end
+
+ def test_07_Can_delete_user?
+ if @@user_id.nil? || @@session_token.nil?
+ skip "Depends on authentication"
+ else
+ url = api_url("/1/users/#{@@user_id}.json")
+ options = {:headers => {
+ "Authorization" => "Token token=\"#{@@session_token}\""
+ }}
+ delete(url, {}, options) do |body, response, error|
+ if response.code.to_i != 200
+ skip "It appears the web api is too old to support deleting users"
+ else
+ assert(response = JSON.parse(body), 'response should be JSON')
+ assert(response["success"], 'delete should be a success')
+ pass
+ end
+ end
+ end
+ end
+
+ private
+
+ def url_options
+ {
+ :username => property('couchdb_webapp_user.username'),
+ :password => property('couchdb_webapp_user.password')
+ }
+ end
+
+ def api_url(path)
+ "https://%{domain}:%{port}#{path}" % {
+ :domain => property('api.domain'),
+ :port => property('api.port')
+ }
+ end
+
+ #
+ # I tried, but couldn't get this working:
+ # #
+ # # get an CSRF authenticity token
+ # #
+ # url = api_url("/")
+ # csrf_token = nil
+ # assert_get(url) do |body|
+ # lines = body.split("\n").grep(/csrf-token/)
+ # assert lines.any?, 'failed to find csrf-token'
+ # csrf_token = lines.first.split('"')[1]
+ # assert csrf_token, 'failed to find csrf-token'
+ # end
+
end