1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
|
raise SkipTest unless service?(:couchdb)
require 'json'
class CouchDB < LeapTest
depends_on "Network"
def setup
end
def test_00_Are_daemons_running?
assert_running 'bin/beam'
if multimaster?
assert_running 'bin/epmd'
end
pass
end
#
# check to make sure we can get welcome response from local couchdb
#
def test_01_Is_CouchDB_running?
assert_get(couchdb_url) do |body|
assert_match /"couchdb":"Welcome"/, body, "Could not get welcome message from #{couchdb_url}. Probably couchdb is not running."
end
pass
end
#
# all configured nodes are in 'cluster_nodes'
# all nodes online and communicating are in 'all_nodes'
#
# this seems backward to me, so it might be the other way around.
#
def test_03_Are_configured_nodes_online?
return unless multimaster?
url = couchdb_url("/_membership", :username => 'admin')
assert_get(url) do |body|
response = JSON.parse(body)
nodes_configured_but_not_available = response['cluster_nodes'] - response['all_nodes']
nodes_available_but_not_configured = response['all_nodes'] - response['cluster_nodes']
if nodes_configured_but_not_available.any?
warn "These nodes are configured but not available:", nodes_configured_but_not_available
end
if nodes_available_but_not_configured.any?
warn "These nodes are available but not configured:", nodes_available_but_not_configured
end
if response['cluster_nodes'] == response['all_nodes']
pass
end
end
end
def test_04_Do_ACL_users_exist?
acl_users = ['_design/_auth', 'leap_mx', 'nickserver', 'soledad', 'webapp', 'replication']
url = couchdb_backend_url("/_users/_all_docs", :username => 'admin')
assert_get(url) do |body|
response = JSON.parse(body)
assert_equal acl_users.count, response['total_rows']
actual_users = response['rows'].map{|row| row['id'].sub(/^org.couchdb.user:/, '') }
assert_equal acl_users.sort, actual_users.sort
end
pass
end
def test_05_Do_required_databases_exist?
dbs_that_should_exist = ["customers","identities","keycache","shared","tickets","users", "tmp_users"]
dbs_that_should_exist << "tokens_#{rotation_suffix}"
dbs_that_should_exist << "sessions_#{rotation_suffix}"
dbs_that_should_exist.each do |db_name|
url = couchdb_url("/"+db_name, :username => 'admin')
assert_get(url) do |body|
assert response = JSON.parse(body)
assert_equal db_name, response['db_name']
end
end
pass
end
# disable ACL enforcement, because it's a known issue with bigcouch
# and will only confuse the user
# see https://leap.se/code/issues/6030 for more details
#
## for now, this just prints warnings, since we are failing these tests.
##
#def test_06_Is_ACL_enforced?
# ok = assert_auth_fail(
# couchdb_url('/users/_all_docs', :username => 'leap_mx'),
# {:limit => 1}
# )
# ok = assert_auth_fail(
# couchdb_url('/users/_all_docs', :username => 'leap_mx'),
# {:limit => 1}
# ) && ok
# pass if ok
#end
def test_07_Can_records_be_created?
record = DummyRecord.new
url = couchdb_url("/tokens_#{rotation_suffix}", :username => 'admin')
assert_post(url, record, :format => :json) do |body|
assert response = JSON.parse(body), "POST response should be JSON"
assert response["ok"], "POST response should be OK"
assert_delete(File.join(url, response["id"]), :rev => response["rev"]) do |body|
assert response = JSON.parse(body), "DELETE response should be JSON"
assert response["ok"], "DELETE response should be OK"
end
end
pass
end
#
# This is not really a "test", just an attempt to make sure that
# the mx tests that fire off dummy emails don't fill up the
# storage db.
#
# mx tests can't run this because they don't have access to
# the storage db.
#
# This "test" is responsible for both creating the db if it does not
# exist, and destroying if it does.
#
# Yes, this is super hacky. Properly, we should add something to
# the soledad api to support create/delete of user storage dbs.
#
def test_99_Delete_mail_storage_used_in_mx_tests
user = find_user_by_login(TEST_EMAIL_USER)
if user
if user_db_exists?(user["id"])
# keep the test email db from filling up:
assert_destroy_user_db(user["id"], :username => 'admin')
end
# either way, make sure we leave a db for the mx tests:
assert_create_user_db(user["id"], :username => 'admin')
end
silent_pass
end
private
def multimaster?
mode == "multimaster"
end
def mode
assert_property('couch.mode')
end
# TODO: admin port is hardcoded for now but should be configurable.
def couchdb_backend_url(path="", options={})
options = {port: multimaster? && "5986"}.merge options
couchdb_url(path, options)
end
def rotation_suffix
rotation_suffix = Time.now.utc.to_i / 2592000 # monthly
end
require 'securerandom'
require 'digest/sha2'
class DummyRecord < Hash
def initialize
self['data'] = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
self['_id'] = Digest::SHA512.hexdigest(self['data'])
end
end
end
|
