Merge pull request #3221 from quay/test-certs

Script to test certs
2018-08-24 12:54:10 -04:00 · 2018-08-24 12:54:10 -04:00 · 975a3bfe3b
commit 975a3bfe3b
parent dcaa98a428 dabad24cae
4 changed files with 80 additions and 0 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -48,6 +48,9 @@ jobs:
    - stage: test
      script: scripts/ci registry_old

+    - stage: test
+      script: scripts/ci certs_test
+
    - stage: database
      script: scripts/ci mysql

--- a/3
+++ b/3
@ -60,6 +60,9 @@ registry-test-old:
 	--timeout=3600 --verbose --show-count -x \
 	./test/registry_tests.py

+certs-test:
+	./test/test_certs_install.sh
+
 full-db-test: ensure-test-db
 	TEST=true PYTHONPATH=. alembic upgrade head
 	TEST=true PYTHONPATH=. SKIP_DB_SCHEMA=true py.test --timeout=7200 \
--- a/scripts/ci
+++ b/scripts/ci
@ -69,6 +69,10 @@ registry_old() {
    load_image && quay_run make registry-test-old
 }

+certs_test() {
+    load_image && quay_run make certs-test
+}
+

 mysql_ping() {
    mysqladmin --connect-timeout=2 --wait=60 --host=127.0.0.1 \
@ -146,6 +150,10 @@ case "$1" in
        registry_old
        ;;

+    certs_test)
+        certs_test
+        ;;
+
    mysql)
        mysql
        ;;
--- a/test/test_certs_install.sh
+++ b/test/test_certs_install.sh
@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+
+set -e
+
+echo "> Starting certs install test"
+
+# Set up all locations needed for the test
+QUAYPATH=${QUAYPATH:-"."}
+SCRIPT_LOCATION=${SCRIPT_LOCATION:-"/quay-registry/conf/init"}
+
+# Parameters: (quay config dir, certifcate dir, number of certs expected).
+function call_script_and_check_num_certs {
+    QUAYCONFIG=$1 CERTDIR=$2 ${SCRIPT_LOCATION}/certs_install.sh
+    if [ $? -ne 0 ]; then
+        echo "Failed to install $3 certs"
+        exit 1;
+    fi
+
+    certs_found=$(ls /usr/local/share/ca-certificates | wc -l)
+    if [ ${certs_found} -ne "$3" ]; then
+        echo "Expected there to be $3 in ca-certificates, found $certs_found"
+        exit 1
+    fi
+}
+
+# Create a dummy cert we can test to install
+echo '{"CN":"CA","key":{"algo":"rsa","size":2048}}' | cfssl gencert -initca - | cfssljson -bare test
+
+# Create temp dirs we can test with
+WORK_DIR=`mktemp -d`
+CERTS_WORKDIR=`mktemp -d`
+
+# deletes the temp directory
+function cleanup {
+  rm -rf "$WORK_DIR"
+  rm -rf "$CERTS_WORKDIR"
+  rm test.pem
+  rm test-key.pem
+}
+
+# register the cleanup function to be called on the EXIT signal
+trap cleanup EXIT
+
+# Test calling with empty directory to not fail
+call_script_and_check_num_certs ${WORK_DIR} ${CERTS_WORKDIR} 0
+if [ "$?" -ne 0 ]; then
+    echo "Failed to install certs with no files in the directory"
+    exit 1
+fi
+
+# Move an ldap cert into the temp directory and test that installation
+cp test.pem ${WORK_DIR}/ldap.crt
+call_script_and_check_num_certs ${WORK_DIR} ${CERTS_WORKDIR} 1
+
+# Move 1 cert to extra cert dir and test
+cp test.pem ${CERTS_WORKDIR}/cert1.crt
+call_script_and_check_num_certs ${WORK_DIR} ${CERTS_WORKDIR} 2
+
+
+# Move another cert to extra cer dir and test all three exist
+cp test.pem ${CERTS_WORKDIR}/cert2.crt
+call_script_and_check_num_certs ${WORK_DIR} ${CERTS_WORKDIR} 3
+
+
+echo "> Certs install script test succeeded"
+exit 0