From c12815628abb9ccb58fefbc67b87a6e0e14da904 Mon Sep 17 00:00:00 2001 From: Romain Fihue Date: Wed, 24 Jul 2024 08:38:06 +0200 Subject: [PATCH 1/5] Dockerfile COPY statements must end with a / --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1a7fd2a..f6d418c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,7 @@ RUN autoreconf -fvi && ./configure && make clean && make && make install COPY fixtures/krb5.conf /etc/krb5.conf COPY fixtures/auks* /conf/ COPY fixtures/renewer_script.sh /usr/local/bin/renewer_script.sh -COPY fixtures/entrypoint_*.sh /usr/local/bin +COPY fixtures/entrypoint_*.sh /usr/local/bin/ RUN chmod 0750 /usr/local/bin/entrypoint_*.sh RUN mkdir /var/cache/auks From 42c936a5d3146b9d910420fb8e9f25856413b923 Mon Sep 17 00:00:00 2001 From: Romain Fihue Date: Wed, 24 Jul 2024 13:39:39 +0200 Subject: [PATCH 2/5] auks_cred: Add a check on 'add' requests 'getpwnam' calls Before, when add request was done by unknown users, the getpwname does not find anything but does not fail either. In this case, auksd behaviour was undefined. Now, when the getpwnan does not find anything the 'add' request will fail gracefully. --- src/api/auks/auks_cred.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/api/auks/auks_cred.c b/src/api/auks/auks_cred.c index ca3fc81..92c6f13 100644 --- a/src/api/auks/auks_cred.c +++ b/src/api/auks/auks_cred.c 
@@ -217,17 +217,26 @@ int auks_cred_init(auks_cred_t * credential, char *data, size_t length) fstatus = AUKS_ERROR_CRED_INIT_KRB_PRINC_TO_UNAME ; goto string_exit; } + auks_log("Succesfully converted the '%s' principal to a local name '%s'", credential->info.principal, username); /* associated uid from username */ fstatus = getpwnam_r(username,&user_pwent,pwnam_buffer, pwnam_buffer_length,&p_pwent) ; if (fstatus) { - auks_log("unable to get %s pwnam entry : %s",username, + auks_log("Unexpected error while retrieving pwnam entry for '%s' : %s",username, strerror(fstatus)) ; fstatus = AUKS_ERROR_CRED_INIT_GETPWNAM ; goto string_exit; } + if (!p_pwent) { + auks_log("No password entry found for user '%s'",username); + fstatus = AUKS_ERROR_CRED_INIT_GETPWNAM; + goto string_exit; + } + + auks_log("Succesfully retrieved the password entry of the user '%s', uid is '%d'", username, user_pwent.pw_uid); + /* uid information */ credential->info.uid = user_pwent.pw_uid; From 4ef844adc19633747911e0b250103be115b98d26 Mon Sep 17 00:00:00 2001 From: Romain Fihue Date: Wed, 24 Jul 2024 14:25:57 +0200 Subject: [PATCH 3/5] bats: Add bats-assert lib as a submodule --- .gitmodules | 6 ++++++ tests/bats/bats-assert | 1 + tests/bats/bats-support | 1 + 3 files changed, 8 insertions(+) create mode 100644 .gitmodules create mode 160000 tests/bats/bats-assert create mode 160000 tests/bats/bats-support diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..83c6597 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,6 @@ +[submodule "tests/bats/bats-assert"] + path = tests/bats/bats-assert + url = https://github.com/ztombol/bats-assert.git +[submodule "tests/bats/bats-support"] + path = tests/bats/bats-support + url = https://github.com/ztombol/bats-support.git diff --git a/tests/bats/bats-assert b/tests/bats/bats-assert new file mode 160000 index 0000000..9f88b42 --- /dev/null +++ b/tests/bats/bats-assert @@ -0,0 +1 @@ +Subproject commit 9f88b4207da750093baabc4e3f41bf68f0dd3630 
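Review bot: The new success message prints `user_pwent.pw_uid` with `%d`, but `pw_uid` is a `uid_t`, which is unsigned on Linux, so the argument type does not match the specifier and large UIDs would log as negative numbers. Cast explicitly, for example `auks_log("... uid is '%lu'", username, (unsigned long) user_pwent.pw_uid);`. Both added success messages spell "Succesfully" with one "s", which will defeat anyone grepping the logs for the correct spelling. The not-found branch reuses `AUKS_ERROR_CRED_INIT_GETPWNAM`, so callers cannot tell "no such local user" from a lookup failure; if that distinction matters for auditing rejected add requests, a dedicated code would help. The body of `auks_cred_init` starts and ends outside this hunk.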
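Review bot: Both submodule URLs in `.gitmodules` point at the personal `ztombol` repositories, which as far as I know are no longer maintained; the maintained forks live under the `bats-core` organisation (`url = https://github.com/bats-core/bats-assert.git` and `url = https://github.com/bats-core/bats-support.git`). The gitlinks pin exact commits, so what gets fetched is fixed, but it is worth depending on a source that still receives fixes. Nothing in the visible hunks initialises the submodules, so the build and CI presumably need a `git submodule update --init` step before `tests/bats/simple.bats` can `load` them.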
diff --git a/tests/bats/bats-support b/tests/bats/bats-support new file mode 160000 index 0000000..004e707 --- /dev/null +++ b/tests/bats/bats-support @@ -0,0 +1 @@ +Subproject commit 004e707638eedd62e0481e8cdc9223ad471f12ee From 3e9e2f1fda51680225b007e61a2b1905b38a2873 Mon Sep 17 00:00:00 2001 From: Romain Fihue Date: Wed, 24 Jul 2024 14:54:01 +0200 Subject: [PATCH 4/5] Refactor the Docker build process and associates test procedure --- .dockerignore | 1 + .gitignore | 3 + Dockerfile | 37 ++-- compose.yaml | 42 ----- entrypoint.sh | 5 + fixtures/auks.conf | 14 +- tests/auks_conf/auks.acl | 57 ++++++ tests/auks_conf/auks.conf | 124 ++++++++++++ tests/auks_conf/auks_client.conf | 124 ++++++++++++ tests/auks_tests_bootstrap.sh | 23 +++ tests/bats/simple.bats | 260 ++++++++++++++++++++++++++ tests/compose.yaml | 78 ++++++++ {fixtures => tests}/krb5.conf | 3 +- {fixtures => tests}/renewer_script.sh | 0 tests/simple.bats | 247 ------------------------ 15 files changed, 704 insertions(+), 314 deletions(-) create mode 120000 .dockerignore delete mode 100644 compose.yaml create mode 100644 entrypoint.sh create mode 100644 tests/auks_conf/auks.acl create mode 100644 tests/auks_conf/auks.conf create mode 100644 tests/auks_conf/auks_client.conf create mode 100644 tests/auks_tests_bootstrap.sh create mode 100644 tests/bats/simple.bats create mode 100644 tests/compose.yaml rename {fixtures => tests}/krb5.conf (90%) rename {fixtures => tests}/renewer_script.sh (100%) delete mode 100644 tests/simple.bats diff --git a/.dockerignore b/.dockerignore new file mode 120000 index 0000000..3e4e48b --- /dev/null +++ b/.dockerignore @@ -0,0 +1 @@ +.gitignore \ No newline at end of file diff --git a/.gitignore b/.gitignore index 407ac07..eb30142 100644 --- a/.gitignore +++ b/.gitignore @@ -138,3 +138,6 @@ flycheck_*.el /auks*.tar.gz /auks*.rpm /.rpmbuild + +# Gitlab build +/builds/ \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index f6d418c..1340b79 100644 
--- a/Dockerfile +++ b/Dockerfile @@ -1,26 +1,29 @@ -FROM quay.io/almalinuxorg/almalinux:8 +FROM quay.io/almalinuxorg/almalinux:8 as auks_server -RUN yum -y update; yum install -y autoconf automake libtool\ - libtirpc libtirpc-devel krb5-devel krb5-workstation\ - make gcc diffutils file strace gdb +RUN dnf install -y epel-release; crb enable; dnf makecache +RUN dnf -y update; dnf install -y autoconf automake libtool\ + libtirpc libtirpc-devel krb5-devel krb5-workstation kstart\ + make gcc diffutils file strace gdb &&\ + dnf clean all -RUN dnf config-manager --set-enabled powertools; dnf install -y epel-release -RUN dnf install -y bats +COPY . /auks_src/ -COPY . auks +WORKDIR /auks_src/ -WORKDIR auks +RUN autoreconf -fvi && ./configure --prefix=/auks/ && make clean && make -j 8 && make -j 8 install && rm -Rf /auks_src +WORKDIR /auks -RUN autoreconf -fvi && ./configure && make clean && make && make install +RUN mkdir /var/cache/auks -COPY fixtures/krb5.conf /etc/krb5.conf -COPY fixtures/auks* /conf/ -COPY fixtures/renewer_script.sh /usr/local/bin/renewer_script.sh -COPY fixtures/entrypoint_*.sh /usr/local/bin/ -RUN chmod 0750 /usr/local/bin/entrypoint_*.sh +VOLUME /auks/etc +EXPOSE 12345/tcp +COPY entrypoint.sh /entrypoint.sh +RUN chmod a+x /entrypoint.sh -RUN mkdir /var/cache/auks +ENTRYPOINT ["/entrypoint.sh"] +CMD ["-v"] -RUN useradd -M -u 1234 user; useradd -M -u 4321 admin +FROM auks_server AS auks_test -EXPOSE 12345/tcp +RUN dnf install -y bats && dnf clean all +ENTRYPOINT ["bash"] diff --git a/compose.yaml b/compose.yaml deleted file mode 100644 index 492bdfd..0000000 --- a/compose.yaml +++ /dev/null 
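Review bot: The `auks_server` stage leaves the compiler toolchain, `gdb` and `strace` in the image that runs `auksd`. The `rm -Rf /auks_src` in a later `RUN` also does not remove the sources from the earlier `COPY . /auks_src/` layer, so everything `.dockerignore` lets through stays retrievable from the image. Building in a separate stage and copying only `/auks/` into the runtime stage fixes both. The `;` separators in the two `dnf` lines let a failed `epel-release` or `update` step pass silently, where `&&` would stop the build. The runtime package list below is inferred from the original install line and needs checking against what `auksd` and `aukspriv` actually require.

```dockerfile
FROM quay.io/almalinuxorg/almalinux:8 AS auks_build

RUN dnf install -y autoconf automake libtool libtirpc-devel krb5-devel \
    make gcc diffutils file && dnf clean all

COPY . /auks_src/
WORKDIR /auks_src/
RUN autoreconf -fvi && ./configure --prefix=/auks/ && make clean && make -j 8 && make -j 8 install

FROM quay.io/almalinuxorg/almalinux:8 AS auks_server

RUN dnf install -y epel-release && crb enable && dnf makecache
RUN dnf install -y libtirpc krb5-workstation kstart && dnf clean all

COPY --from=auks_build /auks/ /auks/
WORKDIR /auks
# … unchanged: cache dir, VOLUME, EXPOSE, entrypoint.sh, ENTRYPOINT/CMD, auks_test stage …
```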
@@ -1,42 +0,0 @@ -services: - auks_server: - build: . - image: quay.io/cea-hpc/auks - domainname: example.com - hostname: auks - command: bash -xe /usr/local/bin/entrypoint_auksd.sh - healthcheck: - test: ["CMD", "auks", "-f", "/conf/auks.conf", "-p"] - interval: 10s - timeout: 30s - retries: 5 - start_period: 10s - environment: - - KRB5_TRACE=/dev/stderr - depends_on: - kdc: - condition: service_healthy - kdc: - image: quay.io/cea-hpc/krb5-kdc-server-example-com - domainname: example.com - hostname: kdc - healthcheck: - test: ["CMD", "kadmin.local", "list_principals"] - interval: 10s - timeout: 30s - retries: 5 - start_period: 10s - auks_client: - build: . - image: quay.io/cea-hpc/auks - domainname: example.com - command: bash -xe /usr/local/bin/entrypoint_auks_client.sh sleep infinity - volumes: - - type: bind - source: ./tests/ - target: /tests/ - depends_on: - kdc: - condition: service_healthy - auks_server: - condition: service_healthy \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 0000000..c888456 --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,5 @@ +#!/bin/bash -xe + +AUKS_PRIV_SYSLOG_PRIO="none" AUKS_PRIV_PRINC="${KRB5_PRINCIPAL}" AUKS_PRIV_KEYTAB="${KRB5_KTNAME}" /auks/sbin/aukspriv -v & + +/auks/sbin/auksd -F -f /auks/etc/auks.conf $@ diff --git a/fixtures/auks.conf b/fixtures/auks.conf index bc13db8..354eef4 100644 --- a/fixtures/auks.conf +++ b/fixtures/auks.conf 
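Review bot: In the new `entrypoint.sh`, `$@` is unquoted on the `auksd` line, so any argument containing whitespace or glob characters is re-split before it reaches the daemon. Starting the daemon with `exec` would also let `auksd` replace the shell and receive the container's stop signal directly: `exec /auks/sbin/auksd -F -f /auks/etc/auks.conf "$@"`. `aukspriv` is started in the background and never checked, so if it exits (for example because `KRB5_PRINCIPAL` or `KRB5_KTNAME` is unset) the container keeps running without it. A short comment stating whether that is intended would help.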
@@ -9,16 +9,16 @@ common { # Primary daemon configuration - PrimaryHost = "auks" ; - #PrimaryAddress = "" ; + PrimaryHost = "localhost" ; + PrimaryAddress = "0.0.0.0" ; PrimaryPort = 12345 ; - PrimaryPrincipal = "auks/auks.example.com@EXAMPLE.COM" ; + PrimaryPrincipal = "auks/auks1.example.com@EXAMPLE.COM" ; # Secondary daemon configuration - SecondaryHost = "auks2" ; + SecondaryHost = "localhost" ; #SecondaryAddress = "" ; - SecondaryPort = "12345" ; - SecondaryPrincipal = "host/auks2.myrealm.org@MYREALM.ORG" ; + SecondaryPort = 12345 ; + SecondaryPrincipal = "host/auks2.example.com@EXAMPLE.COM" ; # If set, an attempt will be made to acquire a cross-realm ticket # for the given realm before forwarding credentials @@ -79,7 +79,7 @@ auksd { CacheDir = "/var/cache/auks" ; # ACL file for cred repo access authorization rules - ACLFile = "/conf/auks.acl" ; + ACLFile = "/auks/etc/auks.acl" ; # default size of incoming requests queue # it grows up dynamically diff --git a/tests/auks_conf/auks.acl b/tests/auks_conf/auks.acl new file mode 100644 index 0000000..4ad48a8 --- /dev/null +++ b/tests/auks_conf/auks.acl 
@@ -0,0 +1,57 @@ +#------------------------------------------------------------------------------ +# auks-0.3 daemon configuration file +# (Generated using autotools) +#------------------------------------------------------------------------------ + +#------------------------------------------------------------------------------- +# Any principals from realm REALM.A coming from any hosts are guests. +# Guests can only add creds to an Auks repository +#------------------------------------------------------------------------------- +# rule { +# principal = ^[[:alnum:]]*@REALM.A$ ; +# host = * ; +# role = guest ; +# } +#------------------------------------------------------------------------------- + +#------------------------------------------------------------------------------- +# Any principals from realm REALM.A coming from any hosts are users. +# Users can add/get/remove their own creds using an Auks repository +#------------------------------------------------------------------------------- +# rule { +# principal = ^[[:alnum:]]*@REALM.B$ ; +# host = * ; +# role = user ; +# } +#------------------------------------------------------------------------------- + +#------------------------------------------------------------------------------- +# Any principals from realm REALM.C coming from any hosts are administrators. +# Administrators can add/get/remove any creds and get dumps of the repository +#------------------------------------------------------------------------------- +# rule { +# principal = ^[[:alnum:]]*@REALM.C$ ; +# host = * ; +# role = admin ; +# } +#------------------------------------------------------------------------------- +rule { + principal = ^auks_guest@EXAMPLE.COM; + host = *; + role = guest; +} +rule { + principal = ^auks_admin@EXAMPLE.COM$; + host = *; + role = admin; +} +rule { + principal = ^auks_user@EXAMPLE.COM$; + host = *; + role = user; +} +rule { + principal = ^auks_unknown_user@EXAMPLE.COM$; + host = *; + role = user; +} 
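Review bot: The `auks_guest` rule's pattern `^auks_guest@EXAMPLE.COM` has no trailing `$`, unlike the three rules after it, so any principal that merely starts with that string would be granted the guest role. It should read `principal = ^auks_guest@EXAMPLE.COM$;`. In all four rules the `.` in `EXAMPLE.COM` is unescaped, and assuming these are POSIX regular expressions (as the `[[:alnum:]]` samples suggest) it matches any character rather than a literal dot. The commented sample for the user role says "realm REALM.A" while its pattern is `REALM.B`. Since this file is likely to be copied as a template, a comment marking it as test-only with `host = *` would be worth adding.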
diff --git a/tests/auks_conf/auks.conf b/tests/auks_conf/auks.conf
new file mode 100644
index 0000000..981faac
--- /dev/null
+++ b/tests/auks_conf/auks.conf
@@ -0,0 +1,124 @@ +#------------------------------------------------------------------------------ +# auks client and server configuration file +#------------------------------------------------------------------------------ + +#- +# Common client/server elements +#- +common { + + + # Primary daemon configuration + PrimaryHost = "localhost" ; + PrimaryAddress = "0.0.0.0" ; + PrimaryPort = 12345 ; + PrimaryPrincipal = "auksd@EXAMPLE.COM" ; + + # Secondary daemon configuration + SecondaryHost = "localhost" ; + SecondaryAddress = "0.0.0.0" ; + SecondaryPort = 12345 ; + SecondaryPrincipal = "auksd@EXAMPLE.COM" ; + + # If set, an attempt will be made to acquire a cross-realm ticket + # for the given realm before forwarding credentials + CrossRealm = "" ; + + # Enable/Disable NAT traversal support (yes/no) + # this value must be the same on every nodes + NAT = no ; + + # max connection retries number + Retries = 3 ; + + # connection timeout + Timeout = 10 ; + + # delay in seconds between retries + Delay = 3 ; + +} + +#- +# API only elements +#- +api { + + # log file and level + LogFile = "/tmp/auksapi.log" ; + LogLevel = "5" ; + + # optional debug file and level + DebugFile = "/tmp/auksapi.log" ; + DebugLevel = "5" ; + + HelperScript = "/usr/local/bin/renewer_script.sh"; +} + +#- +# Auks daemon only elements +#- +auksd { + + + # Primary daemon configuration + PrimaryKeytab = "/krb5-keytabs/auksd.keytab" ; + + # Secondary daemon configuration + SecondaryKeytab = "/krb5-keytabs/auksd.keytab" ; + + # log file and level + LogFile = "/var/log/auksd.log" ; + LogLevel = "1" ; + + # optional debug file and level + DebugFile = "/var/log/auksd.log" ; + DebugLevel = "0" ; + + # directory in which daemons store the creds + CacheDir = "/var/cache/auks" ; + + # ACL file for cred repo access authorization rules + ACLFile = "/auks/etc/auks.acl" ; + + # default size of incoming requests queue + # it grows up dynamically + QueueSize = 50 ; + + # default repository size (number fo creds) + 
# it grows up dynamicaly + RepoSize = 500 ; + + # number of workers for incoming request processing + Workers = 10 ; + + # delay in seconds between 2 repository clean stages + CleanDelay = 300 ; + + # use kerberos replay cache system (slow down) + ReplayCache = yes ; + +} + +#- +# Auksd renewer only elements +#- +renewer { + + # log file and level + LogFile = "/var/log/auksdrenewer.log" ; + LogLevel = "1" ; + + # optional debug file and level + DebugFile = "/var/log/auksdrenewer.log" ; + DebugLevel = "0" ; + + # delay between two renew loops + Delay = "60" ; + + # Min Lifetime for credentials to be renewed + # This value is also used as the grace trigger to renew creds + # In the container the lifetime is 10 hours (10*3600 - 1) + MinLifeTime = "35999" ; + +} diff --git a/tests/auks_conf/auks_client.conf b/tests/auks_conf/auks_client.conf new file mode 100644 index 0000000..fc8c314 --- /dev/null +++ b/tests/auks_conf/auks_client.conf 
@@ -0,0 +1,124 @@ +#------------------------------------------------------------------------------ +# auks client and server configuration file +#------------------------------------------------------------------------------ + +#- +# Common client/server elements +#- +common { + + + # Primary daemon configuration + PrimaryHost = "auks_server" ; + # PrimaryAddress = "0.0.0.0" ; + PrimaryPort = 12345 ; + PrimaryPrincipal = "auksd@EXAMPLE.COM" ; + + # Secondary daemon configuration + SecondaryHost = "localhost" ; + SecondaryAddress = "0.0.0.0" ; + SecondaryPort = 12345 ; + SecondaryPrincipal = "auksd@EXAMPLE.COM" ; + + # If set, an attempt will be made to acquire a cross-realm ticket + # for the given realm before forwarding credentials + CrossRealm = "" ; + + # Enable/Disable NAT traversal support (yes/no) + # this value must be the same on every nodes + NAT = no ; + + # max connection retries number + Retries = 3 ; + + # connection timeout + Timeout = 10 ; + + # delay in seconds between retries + Delay = 3 ; + +} + +#- +# API only elements +#- +api { + + # log file and level + LogFile = "/tmp/auksapi.log" ; + LogLevel = "5" ; + + # optional debug file and level + DebugFile = "/tmp/auksapi.log" ; + DebugLevel = "5" ; + + HelperScript = "/tests/renewer_script.sh"; +} + +#- +# Auks daemon only elements +#- +auksd { + + + # Primary daemon configuration + # PrimaryKeytab = "/etc/krb5.keytab" ; + + # Secondary daemon configuration + # SecondaryKeytab = "/etc/krb5.keytab" ; + + # log file and level + LogFile = "/var/log/auksd.log" ; + LogLevel = "1" ; + + # optional debug file and level + DebugFile = "/var/log/auksd.log" ; + DebugLevel = "0" ; + + # directory in which daemons store the creds + CacheDir = "/var/cache/auks" ; + + # ACL file for cred repo access authorization rules + ACLFile = "/auks/etc/auks.acl" ; + + # default size of incoming requests queue + # it grows up dynamically + QueueSize = 50 ; + + # default repository size (number fo creds) + # it grows up 
dynamicaly + RepoSize = 500 ; + + # number of workers for incoming request processing + Workers = 10 ; + + # delay in seconds between 2 repository clean stages + CleanDelay = 300 ; + + # use kerberos replay cache system (slow down) + ReplayCache = yes ; + +} + +#- +# Auksd renewer only elements +#- +renewer { + + # log file and level + LogFile = "/var/log/auksdrenewer.log" ; + LogLevel = "1" ; + + # optional debug file and level + DebugFile = "/var/log/auksdrenewer.log" ; + DebugLevel = "0" ; + + # delay between two renew loops + Delay = "60" ; + + # Min Lifetime for credentials to be renewed + # This value is also used as the grace trigger to renew creds + # In the container the lifetime is 10 hours (10*3600 - 1) + MinLifeTime = "35999" ; + +} diff --git a/tests/auks_tests_bootstrap.sh b/tests/auks_tests_bootstrap.sh new file mode 100644 index 0000000..9d2f592 --- /dev/null +++ b/tests/auks_tests_bootstrap.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +cat $KRB5_CONF + +gen_keytab(){ + local principal=$1 + local dest_kt=$2 + KADMIN="kadmin -p kadmin/admin -w password " + if ! $KADMIN list_principals | grep -w "${principal}"; then + $KADMIN add_principal -randkey "${principal}" + test -f "${dest_kt}" && rm "${dest_kt}" + $KADMIN ktadd -k "${dest_kt}" "${principal}" + fi +} + +gen_keytab auksd@EXAMPLE.COM /krb5-keytabs/auksd.keytab +gen_keytab auks_guest@EXAMPLE.COM /krb5-keytabs/auks_guest.keytab +gen_keytab auks_user@EXAMPLE.COM /krb5-keytabs/auks_user.keytab +gen_keytab auks_unknown_user@EXAMPLE.COM /krb5-keytabs/auks_unknown_user.keytab +gen_keytab auks_admin@EXAMPLE.COM /krb5-keytabs/auks_admin.keytab + +exec $@ + diff --git a/tests/bats/simple.bats b/tests/bats/simple.bats new file mode 100644 index 0000000..5fd9bd5 --- /dev/null +++ b/tests/bats/simple.bats 
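Review bot: `tests/auks_tests_bootstrap.sh` starts with `cat $KRB5_CONF`, but the compose file in this commit sets `KRB5_CONFIG` and nothing visible sets `KRB5_CONF`. The unquoted expansion therefore becomes a bare `cat` that reads stdin; `cat "${KRB5_CONFIG}"` is presumably what was meant. The final `exec $@` should be `exec "$@"` so arguments are not re-split. `gen_keytab` only writes a keytab when the principal does not exist yet, so a KDC that already holds the principal but has a fresh `krb5_keytabs` volume leaves the tests without keytabs. The `grep -w "${principal}"` test treats the principal as a regex; `grep -qxF` would match it literally and keep the listing out of the log.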
@@ -0,0 +1,260 @@ +#!/usr/bin/env bats + +load "bats-support/load" +load "bats-assert/load" + +function setup(){ + ADMIN_KT="/krb5-keytabs/auks_admin.keytab" + ADMIN_PRINCIPAL="auks_admin@EXAMPLE.COM" + ADMIN_UID=2000 + USER_KT="/krb5-keytabs/auks_user.keytab" + USER_PRINCIPAL="auks_user@EXAMPLE.COM" + USER_UID=2001 + GUEST_KT="/krb5-keytabs/auks_guest.keytab" + GUEST_PRINCIPAL="auks_guest@EXAMPLE.COM" + GUEST_UID=2002 + UNKNOWN_USER_KT="/krb5-keytabs/auks_unknown_user.keytab" + UNKNOWN_USER_PRINCIPAL="auks_unknown_user@EXAMPLE.COM" + PATH="/auks/bin:${PATH}" + AUKS_CONFIG_FILE="/auks/etc/auks_client.conf" + unset KRB5_TRACE +} + +function teardown() { + test -e "${AUKS_CONFIG_FILE}".orig && mv "${AUKS_CONFIG_FILE}".orig "${AUKS_CONFIG_FILE}" + # Flush everything from auks + kinit -k -t "${ADMIN_KT}" "${ADMIN_PRINCIPAL}" + auks -f "${AUKS_CONFIG_FILE}" --remove --uid "${ADMIN_UID}" &>/dev/null; + auks -f "${AUKS_CONFIG_FILE}" --remove --uid "${USER_UID}" &>/dev/null; + test -e /tmp/renewed && rm /tmp/renewed + kdestroy || true +} + +@test "Ping as user" { + kinit -k -t "${USER_KT}" "${USER_PRINCIPAL}" + auks -f "${AUKS_CONFIG_FILE}" -p + auks -f "${AUKS_CONFIG_FILE}" --ping +} + +@test "Ping as regular user" { + kinit -k -t "${USER_KT}" "${USER_PRINCIPAL}" + auks -f "${AUKS_CONFIG_FILE}" -p + auks -f "${AUKS_CONFIG_FILE}" --ping +} + +@test "Complete Ccache life cyle as regular user (short options)" { + kinit -k -t "${USER_KT}" "${USER_PRINCIPAL}" + auks -f "${AUKS_CONFIG_FILE}" -p + run auks -f "${AUKS_CONFIG_FILE}" -g -u "${USER_UID}" + [ "$status" -ne 0 ] + auks -f "${AUKS_CONFIG_FILE}" -a + auks -f "${AUKS_CONFIG_FILE}" -g -u "${USER_UID}" + sleep 1 + auks -f "${AUKS_CONFIG_FILE}" -R once + test -e /tmp/renewed; rm /tmp/renewed + auks -f "${AUKS_CONFIG_FILE}" -r -u "${USER_UID}" + run auks -f "${AUKS_CONFIG_FILE}" -g -u "${USER_UID}" + [ "$status" -ne 0 ] +} + +@test "Complete Ccache life cyle as regular user (long options)" { + kinit -k -t "${USER_KT}" 
"${USER_PRINCIPAL}" + auks --config "${AUKS_CONFIG_FILE}" --ping + run auks --config "${AUKS_CONFIG_FILE}" --get --uid "${USER_UID}" + [ "$status" -ne 0 ] + auks --config "${AUKS_CONFIG_FILE}" --add + auks --config "${AUKS_CONFIG_FILE}" --get --uid "${USER_UID}" + sleep 1 + auks -f "${AUKS_CONFIG_FILE}" --renew once + test -e /tmp/renewed; rm /tmp/renewed + auks --config "${AUKS_CONFIG_FILE}" --remove --uid "${USER_UID}" + run auks --config "${AUKS_CONFIG_FILE}" --get --uid "${USER_UID}" + [ "$status" -ne 0 ] +} + +@test "Ping/Add/Get own cred as admin user" { + kinit -k -t "${ADMIN_KT}" "${ADMIN_PRINCIPAL}" + auks -f "${AUKS_CONFIG_FILE}" -p + auks -f "${AUKS_CONFIG_FILE}" -a + auks -f "${AUKS_CONFIG_FILE}" -g -u "${ADMIN_UID}" +} + +@test "Add/Get user cred as admin user (short options)" { + kinit -k -t "${ADMIN_KT}" "${ADMIN_PRINCIPAL}" + kinit -k -t "${USER_KT}" -c /tmp/krb5cc_bats "${USER_PRINCIPAL}" + auks -f "${AUKS_CONFIG_FILE}" -p + auks -f "${AUKS_CONFIG_FILE}" -a -C /tmp/krb5cc_bats + rm /tmp/krb5cc_bats + auks -f "${AUKS_CONFIG_FILE}" -g -u "${USER_UID}" -C /tmp/krb5cc_bats + auks -f "${AUKS_CONFIG_FILE}" -r -u "${USER_UID}" +} + +@test "Add/Get user cred as admin user (long options)" { + kinit -k -t "${ADMIN_KT}" "${ADMIN_PRINCIPAL}" + kinit -k -t "${USER_KT}" -c /tmp/krb5cc_bats "${USER_PRINCIPAL}" + auks --config "${AUKS_CONFIG_FILE}" --ping + auks --config "${AUKS_CONFIG_FILE}" --add --ccache /tmp/krb5cc_bats + rm /tmp/krb5cc_bats + auks --config "${AUKS_CONFIG_FILE}" --get --uid "${USER_UID}" --ccache /tmp/krb5cc_bats + auks --config "${AUKS_CONFIG_FILE}" --remove --uid "${USER_UID}" +} + +@test "Add/Get admin cred as user user" { + kinit -k -t "${USER_KT}" "${USER_PRINCIPAL}" + kinit -k -t "${ADMIN_KT}" -c /tmp/krb5cc_bats "${ADMIN_PRINCIPAL}" + auks -f "${AUKS_CONFIG_FILE}" -p + run auks -f "${AUKS_CONFIG_FILE}" -a -C /tmp/krb5cc_bats + [ "$status" -ne 0 ] + rm /tmp/krb5cc_bats + run auks -f "${AUKS_CONFIG_FILE}" -g -u "${ADMIN_UID}" -C 
/tmp/krb5cc_bats + [ "$status" -ne 0 ] + run bash -c 'klist -fanc /tmp/krb5cc_bats | grep admin' + [ "$status" -eq 1 ] + run test -f /run/krb5cc_bats + [ "$status" -eq 1 ] +} + +@test "Cannot dump creds as regular user" { + kinit -k -t "${USER_KT}" "${USER_PRINCIPAL}" + run auks -f "${AUKS_CONFIG_FILE}" -D + [ "$status" -ne 0 ] + run auks -f "${AUKS_CONFIG_FILE}" --dump + [ "$status" -ne 0 ] +} + +@test "Able to dump creds as a admin user" { + kinit -k -t "${ADMIN_KT}" "${ADMIN_PRINCIPAL}" + auks -f "${AUKS_CONFIG_FILE}" -D + auks -f "${AUKS_CONFIG_FILE}" --dump +} + +@test "Able to remove my own credential" { + kinit -k -t "${USER_KT}" "${USER_PRINCIPAL}" + auks -f "${AUKS_CONFIG_FILE}" -a -u "${USER_UID}" + auks -f "${AUKS_CONFIG_FILE}" -r -u "${USER_UID}" + run auks -f "${AUKS_CONFIG_FILE}" -D + [ "$status" -ne 0 ] + kinit -k -t "${ADMIN_KT}" "${ADMIN_PRINCIPAL}" + auks -f "${AUKS_CONFIG_FILE}" -D + refute_output -p "${USER_PRINCIPAL}" + kinit -k -t "${ADMIN_KT}" "${ADMIN_PRINCIPAL}" + auks -f "${AUKS_CONFIG_FILE}" -a -u "${ADMIN_UID}" + auks -f "${AUKS_CONFIG_FILE}" -r -u "${ADMIN_UID}" + auks -f "${AUKS_CONFIG_FILE}" -D + refute_output -p "${ADMIN_PRINCIPAL}" +} + +@test "Admins are able to remove all credentials" { + kinit -k -t "${ADMIN_KT}" "${ADMIN_PRINCIPAL}" + kinit -k -t "${USER_KT}" -c /tmp/krb5cc_bats "${USER_PRINCIPAL}" + auks -f "${AUKS_CONFIG_FILE}" -a -u "${USER_UID}" -C /tmp/krb5cc_bats + auks -f "${AUKS_CONFIG_FILE}" -a -u "${ADMIN_UID}" + run auks -f "${AUKS_CONFIG_FILE}" -D + assert_output -p "${USER_PRINCIPAL}" + assert_output -p "${ADMIN_PRINCIPAL}" + auks -f "${AUKS_CONFIG_FILE}" -r -u "${USER_UID}" + auks -f "${AUKS_CONFIG_FILE}" -r -u "${ADMIN_UID}" + run auks -f "${AUKS_CONFIG_FILE}" -D + refute_output -p "${USER_PRINCIPAL}" + refute_output -p "${ADMIN_PRINCIPAL}" +} + +@test "Auks client is able to dump a credential to a local file" { + run bash -c "rm /tmp/auks_cred" + kinit -k -t "${ADMIN_KT}" "${ADMIN_PRINCIPAL}" + auks -f 
"${AUKS_CONFIG_FILE}" --add + auks -f "${AUKS_CONFIG_FILE}" --send --uid "${ADMIN_UID}" > /tmp/auks_cred + test -s /tmp/auks_cred + auks -f "${AUKS_CONFIG_FILE}" --remove --uid "${ADMIN_UID}" + rm /tmp/auks_cred +} + +@test "Auks client is able to receive a credential from a pipe" { + run bash -c "rm /tmp/auks_cred" + kinit -k -t "${ADMIN_KT}" "${ADMIN_PRINCIPAL}" + run test -e /tmp/auks_cred + [ "$status" -eq 1 ] + auks -f "${AUKS_CONFIG_FILE}" --add + auks -f "${AUKS_CONFIG_FILE}" --send -u "${ADMIN_UID}" | auks -f "${AUKS_CONFIG_FILE}" --receive -C /tmp/auks_cred + auks -f "${AUKS_CONFIG_FILE}" --remove --uid "${ADMIN_UID}" + run bash -c "auks -f "${AUKS_CONFIG_FILE}" --dump | grep -w ${ADMIN_PRINCIPAL}" + [ "$status" -eq 1 ] + klist -fnac /tmp/auks_cred + rm /tmp/auks_cred +} + +@test "Auks client is able to receive a credential with no krb5 tkt" { + run bash -c "rm /tmp/auks_cred" + kinit -k -t "${ADMIN_KT}" "${ADMIN_PRINCIPAL}" + run test -e /tmp/auks_cred + [ "$status" -eq 1 ] + auks -f "${AUKS_CONFIG_FILE}" --add + auks -f "${AUKS_CONFIG_FILE}" --send -u "${ADMIN_UID}" > /tmp/auks_msg + test -s /tmp/auks_msg + auks -f "${AUKS_CONFIG_FILE}" --remove --uid "${ADMIN_UID}" + KRB5CCNAME=/dev/null auks -f "${AUKS_CONFIG_FILE}" --receive -C /tmp/auks_cred < /tmp/auks_msg + klist -fnac /tmp/auks_cred + rm /tmp/auks_msg /tmp/auks_cred +} + +@test "Auks does not fail when a cross-realm is not available" { + kinit -k -t "${ADMIN_KT}" "${ADMIN_PRINCIPAL}" + sed -i.orig 's/CrossRealm.*;$/CrossRealm = \"CROSS.EXAMPLE.COM\";/' "${AUKS_CONFIG_FILE}" + auks -f "${AUKS_CONFIG_FILE}" --add + mv "${AUKS_CONFIG_FILE}".orig "${AUKS_CONFIG_FILE}" +} + +@test "Fail when renewal script fails" { + kinit -k -t "${USER_KT}" "${USER_PRINCIPAL}" + auks --config "${AUKS_CONFIG_FILE}" --ping + sed -i.orig 's/HelperScript.*/HelperScript=\"\/bin\/false\";/' "${AUKS_CONFIG_FILE}" + run auks --config "${AUKS_CONFIG_FILE}" --get --uid "${USER_UID}" + [ "$status" -ne 0 ] + auks --config 
"${AUKS_CONFIG_FILE}" --add + auks --config "${AUKS_CONFIG_FILE}" --get --uid "${USER_UID}" + sleep 1 + run auks -f "${AUKS_CONFIG_FILE}" --renew once -vvv -ddd + [ "$status" -ne 0 ] + test -e /tmp/renewed && rm /tmp/renewed + auks --config "${AUKS_CONFIG_FILE}" --remove --uid "${USER_UID}" + run auks --config "${AUKS_CONFIG_FILE}" --get --uid "${USER_UID}" + [ "$status" -ne 0 ] +} + +@test "Not fail when renewal script is not executable" { + kinit -k -t "${USER_KT}" "${USER_PRINCIPAL}" + auks --config "${AUKS_CONFIG_FILE}" --ping + sed -i.orig 's/HelperScript.*/HelperScript=\"\/not\/existing\/script\";/' "${AUKS_CONFIG_FILE}" + run auks --config "${AUKS_CONFIG_FILE}" --get --uid "${USER_UID}" + [ "$status" -ne 0 ] + auks --config "${AUKS_CONFIG_FILE}" --add + auks --config "${AUKS_CONFIG_FILE}" --get --uid "${USER_UID}" + sleep 1 + auks -f "${AUKS_CONFIG_FILE}" --renew once -vvv -ddd + test -e /tmp/renewed && rm /tmp/renewed + auks --config "${AUKS_CONFIG_FILE}" --remove --uid "${USER_UID}" + run auks --config "${AUKS_CONFIG_FILE}" --get --uid "${USER_UID}" + [ "$status" -ne 0 ] +} + +@test "Not fail when renewal script is not set" { + kinit -k -t "${USER_KT}" "${USER_PRINCIPAL}" + auks --config "${AUKS_CONFIG_FILE}" --ping + sed -i.orig 's/HelperScript.*/HelperScript=\"\";/' "${AUKS_CONFIG_FILE}" + run auks --config "${AUKS_CONFIG_FILE}" --get --uid "${USER_UID}" + [ "$status" -ne 0 ] + auks --config "${AUKS_CONFIG_FILE}" --add + auks --config "${AUKS_CONFIG_FILE}" --get --uid "${USER_UID}" + sleep 1 + auks -f "${AUKS_CONFIG_FILE}" --renew once -vvv -ddd + test -e /tmp/renewed && rm /tmp/renewed + auks --config "${AUKS_CONFIG_FILE}" --remove --uid "${USER_UID}" + run auks --config "${AUKS_CONFIG_FILE}" --get --uid "${USER_UID}" + [ "$status" -ne 0 ] +} + +@test "Fail to add a cred when the user is not known" { + kinit -k -t "${UNKNOWN_USER_KT}" "${UNKNOWN_USER_PRINCIPAL}" + run auks --config "${AUKS_CONFIG_FILE}" --add + [ "$status" -ne 0 ] +} 
diff --git a/tests/compose.yaml b/tests/compose.yaml new file mode 100644 index 0000000..f3ab76e --- /dev/null +++ b/tests/compose.yaml @@ -0,0 +1,78 @@ +services: + auks_server: + build: + context: ../ + target: auks_server + image: quay.io/cea-hpc/auks + healthcheck: + test: ["CMD", "auks", "-f", "/conf/auks.conf", "-p"] + interval: 10s + timeout: 30s + retries: 5 + start_period: 10s + environment: + - KRB5_TRACE=/dev/stderr + - KRB5_CONFIG=/run/secrets/krb5_conf + - KRB5_KTNAME=/krb5-keytabs/auksd.keytab + - KRB5_PRINCIPAL=auksd@EXAMPLE.COM + - AUKS_PRIV_RENEW_INT=1 + command: + - "-vvvvv" + - "-ddddd" + volumes: + - type: bind + source: ./auks_conf/ + target: /auks/etc/ + - krb5_keytabs:/krb5-keytabs + secrets: + - krb5_conf + depends_on: + kdc: + condition: service_healthy + kdc: + image: quay.io/cea-hpc/krb5-kdc-server-example-com + domainname: example.com + hostname: kdc + healthcheck: + test: ["CMD", "kadmin.local", "list_principals"] + interval: 10s + timeout: 30s + retries: 5 + start_period: 10s + volumes: + - krb5_keytabs:/krb5-keytabs + + auks_client: + build: + context: ../ + target: auks_test + image: quay.io/cea-hpc/auks_test + command: + - "-x" + - "/tests/auks_tests_bootstrap.sh" + - "sleep" + - "infinity" + volumes: + - type: bind + source: ./auks_conf/ + target: /auks/etc/ + - type: bind + source: . + target: /tests/ + - krb5_keytabs:/krb5-keytabs + environment: + - KRB5_CONFIG=/run/secrets/krb5_conf + - KRB5_TRACE=/dev/stderr + - KRB5CCNAME=/tmp/krb5cc + secrets: + - krb5_conf + depends_on: + kdc: + condition: service_healthy + +secrets: + krb5_conf: + file: ./krb5.conf + +volumes: + krb5_keytabs: diff --git a/fixtures/krb5.conf b/tests/krb5.conf similarity index 90% rename from fixtures/krb5.conf rename to tests/krb5.conf index edb6e10..2a52b52 100644 --- a/fixtures/krb5.conf +++ b/tests/krb5.conf 
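Review bot: The `auks_server` healthcheck still runs `auks -f /conf/auks.conf -p`, but this commit mounts the configuration at `/auks/etc/` and installs under the `/auks/` prefix. Neither the config path nor the `auks` binary resolves unless PATH is extended somewhere not shown, so the check cannot report healthy. Something like `test: ["CMD", "/auks/bin/auks", "-f", "/auks/etc/auks.conf", "-p"]` matches the new layout. `auks_client` no longer lists `auks_server` under `depends_on`, unlike the deleted top-level compose.yaml, so tests can start before the daemon is ready. The `krb5_keytabs` volume is mounted into all three services, which gives the client container the `auksd` keytab too; a comment marking that as test-only would keep it from being copied into a real deployment.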
@@ -17,6 +17,7 @@ includedir /etc/krb5.conf.d/ pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt spake_preauth_groups = edwards25519 default_realm = EXAMPLE.COM + default_ccache_name = FILE:/tmp/krb5cc_%{uid} [realms] EXAMPLE.COM = { @@ -27,4 +28,4 @@ includedir /etc/krb5.conf.d/ [domain_realm] .example.com = EXAMPLE.COM - example.com = EXAMPLE.COM \ No newline at end of file + example.com = EXAMPLE.COM diff --git a/fixtures/renewer_script.sh b/tests/renewer_script.sh similarity index 100% rename from fixtures/renewer_script.sh rename to tests/renewer_script.sh diff --git a/tests/simple.bats b/tests/simple.bats deleted file mode 100644 index d92613c..0000000 --- a/tests/simple.bats +++ /dev/null 
@@ -1,247 +0,0 @@ -#!/usr/bin/env bats -function setup() { - KADMIN="kadmin -p kadmin/admin -w password" - if ! $KADMIN list_principals | grep -w '^user@EXAMPLE.COM$'; then - $KADMIN add_principal -randkey user - fi - if ! $KADMIN list_principals | grep -w '^admin@EXAMPLE.COM$'; then - $KADMIN add_principal -randkey admin - fi - $KADMIN ktadd -k /user.keytab user - $KADMIN ktadd -k /admin.keytab admin -} - -function teardown() { - test -e /conf/auks.conf.orig && mv /conf/auks.conf.orig /conf/auks.conf - # Flush everything from auks - kinit -k -t /user.keytab admin - auks -f /conf/auks.conf --remove --uid 4321 &>/dev/null; - auks -f /conf/auks.conf --remove --uid 1234 &>/dev/null; - $KADMIN delete_principal -force user - $KADMIN delete_principal -force admin - rm /user.keytab /admin.keytab || true - test -e /tmp/renewed && rm /tmp/renewed - kdestroy || true - # Re-set for debug - setup -} - -@test "Ping as host" { - kinit -k host/$(hostname -f)@EXAMPLE.COM - auks -f /conf/auks.conf -p - auks -f /conf/auks.conf --ping -} - -@test "Ping as regular user" { - kinit -k -t /user.keytab user - auks -f /conf/auks.conf -p - auks -f /conf/auks.conf --ping -} - -@test "Complete Ccache life cyle as regular user (short options)" { - kinit -k -t /user.keytab user - auks -f /conf/auks.conf -p - run auks -f /conf/auks.conf -g -u 1234 - [ "$status" -ne 0 ] - auks -f /conf/auks.conf -a - auks -f /conf/auks.conf -g -u 1234 - sleep 1 - auks -f /conf/auks.conf -R once - test -e /tmp/renewed; rm /tmp/renewed - auks -f /conf/auks.conf -r -u 1234 - run auks -f /conf/auks.conf -g -u 1234 - [ "$status" -ne 0 ] -} - -@test "Complete Ccache life cyle as regular user (long options)" { - kinit -k -t /user.keytab user - auks --config /conf/auks.conf --ping - run auks --config /conf/auks.conf --get --uid 1234 - [ "$status" -ne 0 ] - auks --config /conf/auks.conf --add - auks --config /conf/auks.conf --get --uid 1234 - sleep 1 - auks -f /conf/auks.conf --renew once - test -e /tmp/renewed; rm 
/tmp/renewed - auks --config /conf/auks.conf --remove --uid 1234 - run auks --config /conf/auks.conf --get --uid 1234 - [ "$status" -ne 0 ] -} - -@test "Ping/Add/Get own cred as admin user" { - kinit -k -t /admin.keytab admin - auks -f /conf/auks.conf -p - auks -f /conf/auks.conf -a - auks -f /conf/auks.conf -g -u 4321 -} - -@test "Add/Get user cred as admin user (short options)" { - kinit -k -t /admin.keytab admin - kinit -k -t /user.keytab -c /tmp/krb5cc_bats user - auks -f /conf/auks.conf -p - auks -f /conf/auks.conf -a -C /tmp/krb5cc_bats - rm /tmp/krb5cc_bats - auks -f /conf/auks.conf -g -u 1234 -C /tmp/krb5cc_bats - auks -f /conf/auks.conf -r -u 1234 -} - -@test "Add/Get user cred as admin user (long options)" { - kinit -k -t /admin.keytab admin - kinit -k -t /user.keytab -c /tmp/krb5cc_bats user - auks --config /conf/auks.conf --ping - auks --config /conf/auks.conf --add --ccache /tmp/krb5cc_bats - rm /tmp/krb5cc_bats - auks --config /conf/auks.conf --get --uid 1234 --ccache /tmp/krb5cc_bats - auks --config /conf/auks.conf --remove --uid 1234 -} - -@test "Add/Get admin cred as user user" { - kinit -k -t /user.keytab user - kinit -k -t /admin.keytab -c /tmp/krb5cc_bats admin - auks -f /conf/auks.conf -p - run auks -f /conf/auks.conf -a -C /tmp/krb5cc_bats - [ "$status" -ne 0 ] - rm /tmp/krb5cc_bats - run auks -f /conf/auks.conf -g -u 4321 -C /tmp/krb5cc_bats - [ "$status" -ne 0 ] - run bash -c 'klist -fanc /tmp/krb5cc_bats | grep admin' - [ "$status" -eq 1 ] - run test -f /run/krb5cc_bats - [ "$status" -eq 1 ] -} - -@test "Cannot dump creds as regular user" { - kinit -k -t /user.keytab user - run auks -f /conf/auks.conf -D - [ "$status" -ne 0 ] - run auks -f /conf/auks.conf --dump - [ "$status" -ne 0 ] -} - -@test "Able to dump creds as a admin user" { - kinit -k -t /admin.keytab admin - auks -f /conf/auks.conf -D - auks -f /conf/auks.conf --dump -} - -@test "Able to remove my own credential" { - kinit -k -t /user.keytab user - auks -f /conf/auks.conf -a -u 
1234 - auks -f /conf/auks.conf -r -u 1234 - run bash -c 'auks -f /conf/auks.conf -D | grep user' - [ "$status" -eq 1 ] - kinit -k -t /admin.keytab admin - auks -f /conf/auks.conf -a -u 4321 - auks -f /conf/auks.conf -r -u 4321 - run bash -c 'auks -f /conf/auks.conf -D | grep user' - [ "$status" -eq 1 ] -} - -@test "Admins are able to remove all credentials" { - kinit -k -t /admin.keytab admin - kinit -k -t /user.keytab -c /tmp/krb5cc_bats user - auks -f /conf/auks.conf -a -u 1234 -C /tmp/krb5cc_bats - auks -f /conf/auks.conf -a -u 4321 - auks -f /conf/auks.conf -D | grep -w user@EXAMPLE.COM - auks -f /conf/auks.conf -D | grep -w admin@EXAMPLE.COM - auks -f /conf/auks.conf -r -u 1234 - auks -f /conf/auks.conf -r -u 4321 - run bash -c 'auks -f /conf/auks.conf -D | grep -w user@EXAMPLE.COM' - [ "$status" -eq 1 ] - run bash -c 'auks -f /conf/auks.conf -D | grep -w admin@EXAMPLE.COM' - [ "$status" -eq 1 ] -} - -@test "Auks client is able to dump a credential to a local file" { - run bash -c "rm /tmp/auks_cred" - kinit -k -t /admin.keytab admin - auks -f /conf/auks.conf --add - auks -f /conf/auks.conf --send --uid 4321 > /tmp/auks_cred - test -s /tmp/auks_cred - auks -f /conf/auks.conf --remove --uid 4321 - rm /tmp/auks_cred -} - -@test "Auks client is able to receive a credential from a pipe" { - run bash -c "rm /tmp/auks_cred" - kinit -k -t /admin.keytab admin - run test -e /tmp/auks_cred - [ "$status" -eq 1 ] - auks -f /conf/auks.conf --add - auks -f /conf/auks.conf --send -u 4321 | auks -f /conf/auks.conf --receive -C /tmp/auks_cred - auks -f /conf/auks.conf --remove --uid 4321 - run bash -c "auks -f /conf/auks.conf --dump | grep -w admin@EXAMPLE.COM" - [ "$status" -eq 1 ] - klist -fnac /tmp/auks_cred - rm /tmp/auks_cred -} - -@test "Auks client is able to receive a credential with no krb5 tkt" { - run bash -c "rm /tmp/auks_cred" - kinit -k -t /admin.keytab admin - run test -e /tmp/auks_cred - [ "$status" -eq 1 ] - auks -f /conf/auks.conf --add - auks -f 
/conf/auks.conf --send -u 4321 > /tmp/auks_msg - test -s /tmp/auks_msg - auks -f /conf/auks.conf --remove --uid 4321 - KRB5CCNAME=/dev/null auks -f /conf/auks.conf --receive -C /tmp/auks_cred < /tmp/auks_msg - klist -fnac /tmp/auks_cred - rm /tmp/auks_msg /tmp/auks_cred -} - -@test "Auks does not fail when a cross-realm is not available" { - kinit -k -t /admin.keytab admin - sed -i.orig 's/CrossRealm.*;$/CrossRealm = \"CROSS.EXAMPLE.COM\";/' /conf/auks.conf - auks -f /conf/auks.conf --add - mv /conf/auks.conf.orig /conf/auks.conf -} - -@test "Fail when renewal script fails" { - kinit -k -t /user.keytab user - auks --config /conf/auks.conf --ping - sed -i.orig 's/HelperScript.*/HelperScript=\"\/bin\/false\";/' /conf/auks.conf - run auks --config /conf/auks.conf --get --uid 1234 - [ "$status" -ne 0 ] - auks --config /conf/auks.conf --add - auks --config /conf/auks.conf --get --uid 1234 - sleep 1 - run auks -f /conf/auks.conf --renew once -vvv -ddd - [ "$status" -ne 0 ] - test -e /tmp/renewed && rm /tmp/renewed - auks --config /conf/auks.conf --remove --uid 1234 - run auks --config /conf/auks.conf --get --uid 1234 - [ "$status" -ne 0 ] -} - -@test "Not fail when renewal script is not executable" { - kinit -k -t /user.keytab user - auks --config /conf/auks.conf --ping - sed -i.orig 's/HelperScript.*/HelperScript=\"\/not\/existing\/script\";/' /conf/auks.conf - run auks --config /conf/auks.conf --get --uid 1234 - [ "$status" -ne 0 ] - auks --config /conf/auks.conf --add - auks --config /conf/auks.conf --get --uid 1234 - sleep 1 - auks -f /conf/auks.conf --renew once -vvv -ddd - test -e /tmp/renewed && rm /tmp/renewed - auks --config /conf/auks.conf --remove --uid 1234 - run auks --config /conf/auks.conf --get --uid 1234 - [ "$status" -ne 0 ] -} - -@test "Not fail when renewal script is not set" { - kinit -k -t /user.keytab user - auks --config /conf/auks.conf --ping - sed -i.orig 's/HelperScript.*/HelperScript=\"\";/' /conf/auks.conf - run auks --config /conf/auks.conf 
--get --uid 1234 - [ "$status" -ne 0 ] - auks --config /conf/auks.conf --add - auks --config /conf/auks.conf --get --uid 1234 - sleep 1 - auks -f /conf/auks.conf --renew once -vvv -ddd - test -e /tmp/renewed && rm /tmp/renewed - auks --config /conf/auks.conf --remove --uid 1234 - run auks --config /conf/auks.conf --get --uid 1234 - [ "$status" -ne 0 ] -} From 9b12f48adccba30ab6ac9edb6034e4a7ba8b6a2a Mon Sep 17 00:00:00 2001 From: Romain Fihue Date: Wed, 24 Jul 2024 15:12:48 +0200 Subject: [PATCH 5/5] Update gitlab/travis pipilines --- .gitlab-ci.yml | 30 ++++++++++++++++-------------- .travis.yml | 19 +++++++++++++------ 2 files changed, 29 insertions(+), 20 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9798e64..7c33ef4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,16 +1,18 @@ -build: - stage: build - script: - - autoreconf -fvi - - ./configure - - make rpm - artifacts: - paths: - - auks*rpm +variables: + GIT_SUBMODULE_STRATEGY: recursive + +default: + before_script: + - docker info + - docker-compose version -# run tests using the binary built before -#test: -# stage: test -# script: -# - ./test.sh +test: + script: + - cd tests + - docker-compose build --parallel + - docker-compose up -d --force-recreate + - docker-compose exec -ti auks_server useradd -M -u 2000 auks_admin + - docker-compose exec -ti auks_server useradd -M -u 2001 auks_user + - docker-compose exec -ti auks_server useradd -M -u 2002 auks_guest + - docker-compose exec -ti auks_client bats /tests/bats/ diff --git a/.travis.yml b/.travis.yml index e9e5bd1..400f63a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,3 +1,9 @@ +services: + - docker + +git: + submodules: true + language: c os: linux 
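Review bot: The `test` job in .gitlab-ci.yml starts the stack with `docker-compose up -d --force-recreate` but never tears it down, and `--force-recreate` does not reset the named volume `krb5_keytabs`. On a runner that is reused between jobs (the executor type is not visible here), the containers keep running and keytabs written by one pipeline stay on disk for the next. Add a cleanup that runs even when bats fails, for example an `after_script:` entry `- cd tests && docker-compose down -v`.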
@@ -6,10 +12,11 @@ arch: - amd64 - arm64 -compiler: - - gcc - script: - - autoreconf -fvi - - ./configure - - make \ No newline at end of file + - cd tests + - docker-compose build --parallel + - docker-compose up -d --force-recreate + - docker-compose exec -ti auks_server useradd -M -u 2000 auks_admin + - docker-compose exec -ti auks_server useradd -M -u 2001 auks_user + - docker-compose exec -ti auks_server useradd -M -u 2002 auks_guest + - docker-compose exec -ti auks_client bats --tap /tests/bats/
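Review bot: Each `docker-compose exec -ti …` line in the .travis.yml `script` asks for an interactive TTY, which a CI job normally does not have; depending on the compose version this can fail with a not-a-TTY error. `-T` is the compose flag that disables TTY allocation, so `docker-compose exec -T auks_server useradd -M -u 2000 auks_admin` (and likewise for the other three `exec` lines) states the intent. The same four lines appear in the `test` job of .gitlab-ci.yml.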