tests/white-box/couchdb.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159

raise SkipTest unless service?(:couchdb)

require 'json'

class CouchDB < LeapTest
  depends_on "Network"

  def setup
  end

  def test_00_Are_daemons_running?
    assert_running 'bin/beam'
    if multimaster?
      assert_running 'bin/epmd'
    end
    pass
  end

  #
  # check to make sure we can get welcome response from local couchdb
  #
  def test_01_Is_CouchDB_running?
    assert_get(couchdb_url) do |body|
      assert_match /"couchdb":"Welcome"/, body, "Could not get welcome message from #{couchdb_url}. Probably couchdb is not running."
    end
    pass
  end

  #
  # compare the configured nodes to the nodes that are actually listed in bigcouch
  #
  def test_02_Is_cluster_membership_ok?
    return unless multimaster?
    url = couchdb_backend_url("/nodes/_all_docs")
    neighbors = assert_property('couch.bigcouch.neighbors')
    neighbors << assert_property('domain.full')
    neighbors.sort!
    assert_get(url) do |body|
      response = JSON.parse(body)
      nodes_in_db = response['rows'].collect{|row| row['id'].sub(/^bigcouch@/, '')}.sort
      assert_equal neighbors, nodes_in_db, "The couchdb replication node list is wrong (/nodes/_all_docs)"
    end
    pass
  end

  #
  # all configured nodes are in 'cluster_nodes'
  # all nodes online and communicating are in 'all_nodes'
  #
  # this seems backward to me, so it might be the other way around.
  #
  def test_03_Are_configured_nodes_online?
    return unless multimaster?
    url = couchdb_url("/_membership", :username => 'admin')
    assert_get(url) do |body|
      response = JSON.parse(body)
      nodes_configured_but_not_available = response['cluster_nodes'] - response['all_nodes']
      nodes_available_but_not_configured = response['all_nodes'] - response['cluster_nodes']
      if nodes_configured_but_not_available.any?
        warn "These nodes are configured but not available:", nodes_configured_but_not_available
      end
      if nodes_available_but_not_configured.any?
        warn "These nodes are available but not configured:", nodes_available_but_not_configured
      end
      if response['cluster_nodes'] == response['all_nodes']
        pass
      end
    end
  end

  def test_04_Do_ACL_users_exist?
    acl_users = ['_design/_auth', 'leap_mx', 'nickserver', 'soledad', 'webapp', 'replication']
    url = couchdb_backend_url("/_users/_all_docs", :username => 'admin')
    assert_get(url) do |body|
      response = JSON.parse(body)
      assert_equal acl_users.count, response['total_rows']
      actual_users = response['rows'].map{|row| row['id'].sub(/^org.couchdb.user:/, '') }
      assert_equal acl_users.sort, actual_users.sort
    end
    pass
  end

  def test_05_Do_required_databases_exist?
    dbs_that_should_exist = ["customers","identities","keycache","shared","tickets","users", "tmp_users"]
    dbs_that_should_exist << "tokens_#{rotation_suffix}"
    dbs_that_should_exist << "sessions_#{rotation_suffix}"
    dbs_that_should_exist.each do |db_name|
      url = couchdb_url("/"+db_name, :username => 'admin')
      assert_get(url) do |body|
        assert response = JSON.parse(body)
        assert_equal db_name, response['db_name']
      end
    end
    pass
  end

  # disable ACL enforcement, because it's a known issue with bigcouch
  # and will only confuse the user
  # see https://leap.se/code/issues/6030 for more details
  #
  ## for now, this just prints warnings, since we are failing these tests.
  ##

  #def test_06_Is_ACL_enforced?
  #  ok = assert_auth_fail(
  #    couchdb_url('/users/_all_docs', :username => 'leap_mx'),
  #    {:limit => 1}
  #  )
  #  ok = assert_auth_fail(
  #    couchdb_url('/users/_all_docs', :username => 'leap_mx'),
  #    {:limit => 1}
  #  ) && ok
  #  pass if ok
  #end

  def test_07_Can_records_be_created?
    record = DummyRecord.new
    url = couchdb_url("/tokens_#{rotation_suffix}", :username => 'admin')
    assert_post(url, record, :format => :json) do |body|
      assert response = JSON.parse(body), "POST response should be JSON"
      assert response["ok"], "POST response should be OK"
      assert_delete(File.join(url, response["id"]), :rev => response["rev"]) do |body|
        assert response = JSON.parse(body), "DELETE response should be JSON"
        assert response["ok"], "DELETE response should be OK"
      end
    end
    pass
  end

  private

  def multimaster?
    mode == "multimaster"
  end

  def mode
    assert_property('couch.mode')
  end

  # TODO: admin port is hardcoded for now but should be configurable.
  def couchdb_backend_url(path="", options={})
    options = {port: multimaster? && "5986"}.merge options
    couchdb_url(path, options)
  end

  def rotation_suffix
    rotation_suffix = Time.now.utc.to_i / 2592000 # monthly
  end

  require 'securerandom'
  require 'digest/sha2'
  class DummyRecord < Hash
    def initialize
      self['data'] = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
      self['_id'] = Digest::SHA512.hexdigest(self['data'])
    end
  end

end