From dabad24cae79e460f0511ad29227a0d980ad3d69 Mon Sep 17 00:00:00 2001 From: Sam Chow Date: Thu, 23 Aug 2018 15:41:00 -0400 Subject: [PATCH] Add test for certs_install script Add make ability for travis ci --- .travis.yml | 3 ++ Makefile | 3 ++ scripts/ci | 8 +++++ test/test_certs_install.sh | 66 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 80 insertions(+) create mode 100755 test/test_certs_install.sh diff --git a/.travis.yml b/.travis.yml index f0950275f..173cbe963 100644 --- a/.travis.yml +++ b/.travis.yml @@ -48,6 +48,9 @@ jobs: - stage: test script: scripts/ci registry_old + - stage: test + script: scripts/ci certs_test + - stage: database script: scripts/ci mysql diff --git a/Makefile b/Makefile index 50f8109c7..bfe578094 100644 --- a/Makefile +++ b/Makefile @@ -60,6 +60,9 @@ registry-test-old: --timeout=3600 --verbose --show-count -x \ ./test/registry_tests.py +certs-test: + ./test/test_certs_install.sh + full-db-test: ensure-test-db TEST=true PYTHONPATH=. alembic upgrade head TEST=true PYTHONPATH=. SKIP_DB_SCHEMA=true py.test --timeout=7200 \ diff --git a/scripts/ci b/scripts/ci index 192c48bf4..1d21607dc 100755 --- a/scripts/ci +++ b/scripts/ci @@ -69,6 +69,10 @@ registry_old() { load_image && quay_run make registry-test-old } +certs_test() { + load_image && quay_run make certs-test +} + mysql_ping() { mysqladmin --connect-timeout=2 --wait=60 --host=127.0.0.1 \ @@ -146,6 +150,10 @@ case "$1" in registry_old ;; + certs_test) + certs_test + ;; + mysql) mysql ;; diff --git a/test/test_certs_install.sh b/test/test_certs_install.sh new file mode 100755 index 000000000..e0fc80251 --- /dev/null +++ b/test/test_certs_install.sh @@ -0,0 +1,66 @@ +#!/usr/bin/env bash + +set -e + +echo "> Starting certs install test" + +# Set up all locations needed for the test +QUAYPATH=${QUAYPATH:-"."} +SCRIPT_LOCATION=${SCRIPT_LOCATION:-"/quay-registry/conf/init"} + +# Parameters: (quay config dir, certifcate dir, number of certs expected). +function call_script_and_check_num_certs { + QUAYCONFIG=$1 CERTDIR=$2 ${SCRIPT_LOCATION}/certs_install.sh + if [ $? -ne 0 ]; then + echo "Failed to install $3 certs" + exit 1; + fi + + certs_found=$(ls /usr/local/share/ca-certificates | wc -l) + if [ ${certs_found} -ne "$3" ]; then + echo "Expected there to be $3 in ca-certificates, found $certs_found" + exit 1 + fi +} + +# Create a dummy cert we can test to install +echo '{"CN":"CA","key":{"algo":"rsa","size":2048}}' | cfssl gencert -initca - | cfssljson -bare test + +# Create temp dirs we can test with +WORK_DIR=`mktemp -d` +CERTS_WORKDIR=`mktemp -d` + +# deletes the temp directory +function cleanup { + rm -rf "$WORK_DIR" + rm -rf "$CERTS_WORKDIR" + rm test.pem + rm test-key.pem +} + +# register the cleanup function to be called on the EXIT signal +trap cleanup EXIT + +# Test calling with empty directory to not fail +call_script_and_check_num_certs ${WORK_DIR} ${CERTS_WORKDIR} 0 +if [ "$?" -ne 0 ]; then + echo "Failed to install certs with no files in the directory" + exit 1 +fi + +# Move an ldap cert into the temp directory and test that installation +cp test.pem ${WORK_DIR}/ldap.crt +call_script_and_check_num_certs ${WORK_DIR} ${CERTS_WORKDIR} 1 + +# Move 1 cert to extra cert dir and test +cp test.pem ${CERTS_WORKDIR}/cert1.crt +call_script_and_check_num_certs ${WORK_DIR} ${CERTS_WORKDIR} 2 + + +# Move another cert to extra cer dir and test all three exist +cp test.pem ${CERTS_WORKDIR}/cert2.crt +call_script_and_check_num_certs ${WORK_DIR} ${CERTS_WORKDIR} 3 + + +echo "> Certs install script test succeeded" +exit 0