Diffstat (limited to 'tests/white-box')
-rw-r--r-- | tests/white-box/couchdb.rb | 60 | ||||
-rw-r--r-- | tests/white-box/mx.rb | 50 | ||||
-rw-r--r-- | tests/white-box/openvpn.rb | 4 | ||||
-rw-r--r-- | tests/white-box/soledad.rb | 17 | ||||
-rw-r--r-- | tests/white-box/webapp.rb | 143 |
5 files changed, 203 insertions, 71 deletions
diff --git a/tests/white-box/couchdb.rb b/tests/white-box/couchdb.rb index a5adb2bf..2788f4f7 100644 --- a/tests/white-box/couchdb.rb +++ b/tests/white-box/couchdb.rb @@ -1,4 +1,4 @@ -raise SkipTest unless $node["services"].include?("couchdb") +raise SkipTest unless service?(:couchdb) require 'json' @@ -52,7 +52,7 @@ class CouchDB < LeapTest # def test_03_Are_configured_nodes_online? return unless multimaster? - url = couchdb_url("/_membership", :user => 'admin') + url = couchdb_url("/_membership", :username => 'admin') assert_get(url) do |body| response = JSON.parse(body) nodes_configured_but_not_available = response['cluster_nodes'] - response['all_nodes'] @@ -71,7 +71,7 @@ class CouchDB < LeapTest def test_04_Do_ACL_users_exist? acl_users = ['_design/_auth', 'leap_mx', 'nickserver', 'soledad', 'tapicero', 'webapp', 'replication'] - url = couchdb_backend_url("/_users/_all_docs", :user => 'admin') + url = couchdb_backend_url("/_users/_all_docs", :username => 'admin') assert_get(url) do |body| response = JSON.parse(body) assert_equal acl_users.count, response['total_rows'] @@ -84,7 +84,7 @@ class CouchDB < LeapTest def test_05_Do_required_databases_exist? dbs_that_should_exist = ["customers","identities","keycache","sessions","shared","tickets","tokens","users"] dbs_that_should_exist.each do |db_name| - url = couchdb_url("/"+db_name, :user => 'admin') + url = couchdb_url("/"+db_name, :username => 'admin') assert_get(url) do |body| assert response = JSON.parse(body) assert_equal db_name, response['db_name'] 
@@ -102,50 +102,54 @@ class CouchDB < LeapTest #def test_06_Is_ACL_enforced? # ok = assert_auth_fail( - # couchdb_url('/users/_all_docs', :user => 'leap_mx'), + # couchdb_url('/users/_all_docs', :username => 'leap_mx'), # {:limit => 1} # ) # ok = assert_auth_fail( - # couchdb_url('/users/_all_docs', :user => 'leap_mx'), + # couchdb_url('/users/_all_docs', :username => 'leap_mx'), # {:limit => 1} # ) && ok # pass if ok #end - def test_07_What? + def test_07_Can_records_be_created? + token = Token.new + url = couchdb_url("/tokens", :username => 'admin') + assert_post(url, token, :format => :json) do |body| + assert response = JSON.parse(body), "POST response should be JSON" + assert response["ok"], "POST response should be OK" + assert_delete(File.join(url, response["id"]), :rev => response["rev"]) do |body| + assert response = JSON.parse(body), "DELETE response should be JSON" + assert response["ok"], "DELETE response should be OK" + end + end pass end private - def couchdb_url(path="", options=nil) - options||={} - @port ||= begin - assert_property 'couch.port' - $node['couch']['port'] - end - url = 'http://' - if options[:user] - assert_property 'couch.users.' + options[:user] - password = $node['couch']['users'][options[:user]]['password'] - url += "%s:%s@" % [options[:user], password] - end - url += "localhost:#{options[:port] || @port}#{path}" - url + def multimaster? + mode == "multimaster" end + def mode + assert_property('couch.mode') + end + + # TODO: admin port is hardcoded for now but should be configurable. def couchdb_backend_url(path="", options={}) - # TODO: admin port is hardcoded for now but should be configurable. options = {port: multimaster? && "5986"}.merge options couchdb_url(path, options) end - def multimaster? 
- mode == "multimaster" - end - - def mode - assert_property('couch.mode') + require 'securerandom' + require 'digest/sha2' + class Token < Hash + def initialize + self['token'] = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '') + self['_id'] = Digest::SHA512.hexdigest(self['token']) + self['last_seen_at'] = Time.now + end end end diff --git a/tests/white-box/mx.rb b/tests/white-box/mx.rb new file mode 100644 index 00000000..794a9a41 --- /dev/null +++ b/tests/white-box/mx.rb @@ -0,0 +1,50 @@ +raise SkipTest unless service?(:mx) + +require 'json' + +class Mx < LeapTest + depends_on "Network" + + def setup + end + + def test_01_Can_contact_couchdb? + dbs = ["identities"] + dbs.each do |db_name| + couchdb_urls("/"+db_name, url_options).each do |url| + assert_get(url) do |body| + assert response = JSON.parse(body) + assert_equal db_name, response['db_name'] + end + end + end + pass + end + + def test_02_Can_contact_couchdb_via_haproxy? + if property('haproxy.couch') + url = couchdb_url_via_haproxy("", url_options) + assert_get(url) do |body| + assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message." + end + pass + end + end + + def test_03_Are_MX_daemons_running? + assert_running 'leap_mx' + assert_running '/usr/lib/postfix/master' + assert_running '/usr/sbin/unbound' + pass + end + + private + + def url_options + { + :username => property('couchdb_leap_mx_user.username'), + :password => property('couchdb_leap_mx_user.password') + } + end + +end diff --git a/tests/white-box/openvpn.rb b/tests/white-box/openvpn.rb index 5eb2bdb5..23a40426 100644 --- a/tests/white-box/openvpn.rb +++ b/tests/white-box/openvpn.rb @@ -1,6 +1,6 @@ -raise SkipTest unless $node["services"].include?("openvpn") +raise SkipTest unless service?(:openvpn) -class Openvpn < LeapTest +class OpenVPN < LeapTest depends_on "Network" def setup diff --git a/tests/white-box/soledad.rb b/tests/white-box/soledad.rb new file mode 100644 index 00000000..5a13e4a6 
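Review bot: The token document written by test_07_Can_records_be_created? is removed only by the nested `assert_delete`, so a failed DELETE, or an exception raised between the POST and the DELETE, leaves a record behind in the live `tokens` database. Whether the webapp would ever honour such a record (it has `_id`, `token` and `last_seen_at` but no user reference) is not visible in this hunk, but the test should make the leftover easy to find: keep the `id` returned by the POST in its own local and name it in the DELETE failure message, e.g. `"DELETE of test token #{token_id} failed; remove it manually"`. The inner block also reuses the names `body` and `response`, which hides the POST response from the rest of the outer block. In `Token#initialize`, `gsub(/^_*/, '')` would be more precise as `sub(/\A_+/, '')`, with a comment such as `# leading underscores are stripped because ...` giving the reason. The hunk also removes `couchdb_url` from this file, and its replacement is outside the diff shown here.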
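Review bot: The assertion message in mx.rb test_02_Can_contact_couchdb_via_haproxy? interpolates `url`, which is built from `url_options` carrying `couchdb_leap_mx_user.password`; if `couchdb_url_via_haproxy` embeds credentials in the URL the way the `couchdb_url` removed from couchdb.rb did (`"%s:%s@"`), a failing run writes the CouchDB password into the test output. The helper is not part of this diff, so that is inferred rather than confirmed. The message can be built from a credential-free form, for example `"Request to #{url.sub(%r{//[^/@]*@}, '//')} should return couchdb welcome message."`, or the helper can expose a redacted URL for reporting. The same message is used in test_01 and test_02 of webapp.rb with the `couchdb_webapp_user` credentials. Separately, test_02 neither passes nor skips when `haproxy.couch` is unset; an `else` branch with `skip "haproxy.couch is not configured"` would make that case visible in the report.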
--- /dev/null
+++ b/tests/white-box/soledad.rb
@@ -0,0 +1,17 @@
+raise SkipTest unless service?(:soledad)
+
+require 'json'
+
+class Soledad < LeapTest
+ depends_on "Network"
+ depends_on "CouchDB" if service?(:couchdb)
+
+ def setup
+ end
+
+ def test_00_Is_Soledad_running?
+ assert_running 'soledad'
+ pass
+ end
+
+end
diff --git a/tests/white-box/webapp.rb b/tests/white-box/webapp.rb
index 7df57fd7..2aa87403 100644
--- a/tests/white-box/webapp.rb
+++ b/tests/white-box/webapp.rb
@@ -1,58 +1,29 @@ -raise SkipTest unless $node["services"].include?("webapp") +raise SkipTest unless service?(:webapp) -require 'socket' +require 'json' class Webapp < LeapTest depends_on "Network" - HAPROXY_CONFIG = '/etc/haproxy/haproxy.cfg' - def setup end - # - # example properties: - # - # stunnel: - # clients: - # couch_client: - # couch1_5984: - # accept_port: 4000 - # connect: couch1.bitmask.i - # connect_port: 15984 - # def test_01_Can_contact_couchdb? - assert_property('stunnel.clients.couch_client') - $node['stunnel']['clients']['couch_client'].values.each do |stunnel_conf| - assert port = stunnel_conf['accept_port'], 'Field `accept_port` must be present in `stunnel` property.' - local_stunnel_url = "http://localhost:#{port}" - remote_ip_address = TCPSocket.gethostbyname(stunnel_conf['connect']).last - msg = "(stunnel to %s:%s, aka %s)" % [stunnel_conf['connect'], stunnel_conf['connect_port'], remote_ip_address] - assert_get(local_stunnel_url, nil, error_msg: msg) do |body| - assert_match /"couchdb":"Welcome"/, body, "Request to #{local_stunnel_url} should return couchdb welcome message." - end + url = couchdb_url("", url_options) + assert_get(url) do |body| + assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message." end pass end - # - # example properties: - # - # haproxy: - # servers: - # couch1: - # backup: false - # host: localhost - # port: 4000 - # weight: 10 - # - def test_02_Is_haproxy_working? - port = file_match(HAPROXY_CONFIG, /^ bind localhost:(\d+)$/) - url = "http://localhost:#{port}" - assert_get(url) do |body| - assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message." + def test_02_Can_contact_couchdb_via_haproxy? + if property('haproxy.couch') + url = couchdb_url_via_haproxy("", url_options) + assert_get(url) do |body| + assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message." 
+ end + pass end - pass end def test_03_Are_daemons_running? 
@@ -70,4 +41,94 @@ class Webapp < LeapTest pass end + def test_05_Can_create_user? + @@user = nil + user = SRP::User.new + url = api_url("/1/users.json") + assert_post(url, user.to_params) do |body| + assert response = JSON.parse(body), 'response should be JSON' + assert response['ok'], 'creating a user should be successful' + end + @@user = user + pass + end + + def test_06_Can_authenticate? + @@user_id = nil + @@session_token = nil + if @@user.nil? + skip "Depends on user creation" + else + url = api_url("/1/sessions.json") + session = SRP::Session.new(@@user) + params = {'login' => @@user.username, 'A' => session.aa} + assert_post(url, params) do |response, body| + cookie = response['Set-Cookie'].split(';').first + assert(response = JSON.parse(body), 'response should be JSON') + assert(bb = response["B"]) + session.bb = bb + url = api_url("/1/sessions/login.json") + params = {'client_auth' => session.m, 'A' => session.aa} + options = {:headers => {'Cookie' => cookie}} + assert_put(url, params, options) do |body| + assert(response = JSON.parse(body), 'response should be JSON') + assert(response['M2'], 'response should include M2') + assert(@@session_token = response['token'], 'response should include token') + assert(@@user_id = response['id'], 'response should include user id') + end + end + pass + end + end + + def test_07_Can_delete_user? + if @@user_id.nil? || @@session_token.nil? 
+ skip "Depends on authentication" + else + url = api_url("/1/users/#{@@user_id}.json") + options = {:headers => { + "Authorization" => "Token token=\"#{@@session_token}\"" + }} + delete(url, {}, options) do |body, response, error| + if response.code.to_i != 200 + skip "It appears the web api is too old to support deleting users" + else + assert(response = JSON.parse(body), 'response should be JSON') + assert(response["success"], 'delete should be a success') + pass + end + end + end + end + + private + + def url_options + { + :username => property('couchdb_webapp_user.username'), + :password => property('couchdb_webapp_user.password') + } + end + + def api_url(path) + "https://%{domain}:%{port}#{path}" % { + :domain => property('api.domain'), + :port => property('api.port') + } + end + + # + # I tried, but couldn't get this working: + # # + # # get an CSRF authenticity token + # # + # url = api_url("/") + # csrf_token = nil + # assert_get(url) do |body| + # lines = body.split("\n").grep(/csrf-token/) + # assert lines.any?, 'failed to find csrf-token' + # csrf_token = lines.first.split('"')[1] + # assert csrf_token, 'failed to find csrf-token' + # end + end |
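Review bot: In test_07_Can_delete_user? every status other than 200 is reported as `skip "It appears the web api is too old to support deleting users"`, so a 401, 403 or 500 from a current API is hidden and the account created in test_05 stays on the provider. The skip should be limited to the status the old API actually returns, with a failure for everything else, and the block should first guard the no-response case with `assert response, "no response from DELETE #{url}: #{error}"`, because `error` is currently ignored and `response.code` would raise if the helper yields nil. In test_06, `assert(response['M2'], 'response should include M2')` checks only that M2 is present; if `SRP::Session` can compute the expected value, comparing against it would verify the server's side of the handshake. In the same test, `response['Set-Cookie'].split(';')` raises NoMethodError instead of failing an assertion when the header is missing, so `assert(set_cookie = response['Set-Cookie'], 'response should set a session cookie')` before the split would give a readable failure.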