From 52bb6ddd4add0787e88faa77f413f29c7af7217d Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Wed, 9 Nov 2022 21:30:09 +0000 Subject: [PATCH] attempt full-cycle test --- Jenkinsfile | 6 +- test-compose/webisoget/Dockerfile | 10 ++++ test-compose/webisoget/sptest.login | 3 + tests/fulltest.sh | 67 +++++++++++++--------- tests/main.bats | 88 ++++++++++++++--------------- 5 files changed, 100 insertions(+), 74 deletions(-) create mode 100644 test-compose/webisoget/Dockerfile create mode 100644 test-compose/webisoget/sptest.login diff --git a/Jenkinsfile b/Jenkinsfile index ee85588..98c613c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -73,10 +73,10 @@ pipeline { steps { script { try { - // echo "Starting tests..." - // sh 'bin/test.sh 2>&1 | tee debug ; test ${PIPESTATUS[0]} -eq 0' + echo "Starting tests..." + sh 'bin/test.sh 2>&1 | tee debug ; test ${PIPESTATUS[0]} -eq 0' // ===> need bats, webisoget on jenkins node, also need to send/set correct image name - echo "Skipping tests for now" + // echo "Skipping tests for now" } catch (error) { def error_details = readFile('./debug') def message = "BUILD ERROR: There was a problem testing ${maintainer}/${imagename}:${tag}. \n\n ${error_details}" diff --git a/test-compose/webisoget/Dockerfile b/test-compose/webisoget/Dockerfile new file mode 100644 index 0000000..dadf692 --- /dev/null +++ b/test-compose/webisoget/Dockerfile @@ -0,0 +1,10 @@ +FROM rockylinux:8.6 + +RUN yum -y install libtool autoconf automake gcc make libcurl-devel openssl-devel git + +RUN cd /; git clone https://github.com/UWIT-IAM/webisoget; cd /webisoget; bash ./boot;./configure --disable-dependency-tracking;make;make install + +COPY sptest.login /webisoget + +#ENTRYPOINT ["usr/local/bin/webisoget"] +CMD ["tail", "-f", "/dev/null"] diff --git a/test-compose/webisoget/sptest.login b/test-compose/webisoget/sptest.login new file mode 100644 index 0000000..f41b11c --- /dev/null +++ b/test-compose/webisoget/sptest.login 
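Review bot: The re-enabled `sh 'bin/test.sh 2>&1 | tee debug ; test ${PIPESTATUS[0]} -eq 0'` step relies on `PIPESTATUS`, which is a bash array. Jenkins runs `sh` steps with the node's default `sh` unless the script starts with a shebang, so on a node where that is not bash the step would fail on the substitution rather than on the test result. Start the script with a `#!/bin/bash` line followed by `set -o pipefail`, then run `bin/test.sh 2>&1 | tee debug` on its own. The comment kept above the disabled echo still says bats, webisoget and the image name need sorting out on the node, and that should be updated or resolved now that the tests run. The enclosing `try` block continues outside the hunk.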
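Review bot: The second `RUN` joins its steps with `;`, so only the exit status of `make install` decides whether the layer succeeds, and an earlier failure in `git clone`, `./boot` or `./configure` is not reported where it happens. The clone also takes whatever the default branch of the webisoget repository holds at build time and compiles and installs it as root, so the test image is neither reproducible nor tied to reviewed code. Chain the steps with `&&`, check out a reviewed commit, and replace `cd` with `WORKDIR`. The `yum` layer would also benefit from `&& yum clean all`. The commented-out `ENTRYPOINT` path lacks its leading `/` and would not resolve if it is ever re-enabled.

```dockerfile
# ... unchanged: FROM and yum install ...

# Placeholder: replace with a reviewed commit of the webisoget repository
ARG WEBISOGET_REF=REPLACE_WITH_REVIEWED_COMMIT_SHA

WORKDIR /webisoget
RUN git clone https://github.com/UWIT-IAM/webisoget . \
 && git checkout "${WEBISOGET_REF}" \
 && bash ./boot \
 && ./configure --disable-dependency-tracking \
 && make \
 && make install

# ... unchanged: COPY sptest.login and CMD ...
```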
@@ -0,0 +1,3 @@ +name=; domain=idp.example.edu; j_username=kwhite; j_password=password; +name=shibboleth; +name=form1;submit_value=Continue; diff --git a/tests/fulltest.sh b/tests/fulltest.sh index 40d7d0a..d56fa67 100755 --- a/tests/fulltest.sh +++ b/tests/fulltest.sh @@ -1,5 +1,7 @@ #!/bin/bash +. ../common.bash + pushd test-compose &>/dev/null echo "Launching fresh containers..." ./decompose.sh -y &>/dev/null 
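Review bot: The new form file commits `j_username=kwhite; j_password=password;` in clear text, and the Dockerfile in this commit copies it into an image layer. If this account exists only in the directory of the test-compose IdP, say so in the commit message or the test README so that secret scanners and later readers can treat it as a fixture. If the same pair could ever be valid against a non-test IdP, it should be supplied at run time instead of being stored in the repository.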
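Review bot: The added `. ../common.bash` resolves against the caller's working directory, not the script's location. `tests/main.bats` in this commit invokes the script as `./tests/fulltest.sh`, and the next line is `pushd test-compose`, so the working directory appears to be the repository root and `../common.bash` would point outside the repository. Source it relative to the script instead, with `. "$(dirname "${BASH_SOURCE[0]}")/../common.bash"`, and let the script stop if the file is missing, since the later `sed` depends on `imagename` and `tag` being set.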
@@ -13,37 +15,48 @@ pushd tests &>/dev/null rm -f ./lastpage.txt #ensure webisoget is installed -echo "ensuring that webisoget is installed..." -rpm -q webisoget &>/dev/null -if [ $? -ne '0' ]; then - echo "downloading webisoget rpm" - curl -s -L -o webisoget-2.8.7-1.x86_64.rpm https://github.internet2.edu/docker/util/blob/master/bin/webisoget-2.8.7-1.x86_64.rpm?raw=true - if [ -s webisoget-2.8.7-1.x86_64.rpm ]; then - echo "installing rpm..." - sudo rpm -ivh webisoget-2.8.7-1.x86_64.rpm - rm -f webisoget-2.8.7-1.x86_64.rpm - else - echo "can't get webisoget rpm..." - exit 1 - fi -else - echo "webisoget already installed..." -fi +#echo "ensuring that webisoget is installed..." +#rpm -q webisoget &>/dev/null +#if [ $? -ne '0' ]; then +# echo "downloading webisoget rpm" +# curl -s -L -o webisoget-2.8.7-1.x86_64.rpm https://github.internet2.edu/docker/util/blob/master/bin/webisoget-2.8.7-1.x86_64.rpm?raw=true +# if [ -s webisoget-2.8.7-1.x86_64.rpm ]; then +# echo "installing rpm..." +# sudo rpm -ivh webisoget-2.8.7-1.x86_64.rpm +# rm -f webisoget-2.8.7-1.x86_64.rpm +# else +# echo "can't get webisoget rpm..." +# exit 1 +# fi +#else +# echo "webisoget already installed..." +#fi #ensure that name resolution is in place -ping -c 1 sptest.example.edu &>/dev/null -if [ $? -ne '0' ]; then - echo "adding hosts record for sp..." - echo '127.0.0.1 sptest.example.edu' | sudo tee -a /etc/hosts -fi -ping -c 1 idp.example.edu &>/dev/null -if [ $? -ne '0' ]; then - echo "adding hosts record for idp..." - echo '127.0.0.1 idp.example.edu' | sudo tee -a /etc/hosts -fi +#ping -c 1 sptest.example.edu &>/dev/null +#if [ $? -ne '0' ]; then +# echo "adding hosts record for sp..." +# echo '127.0.0.1 sptest.example.edu' | sudo tee -a /etc/hosts +#fi +#ping -c 1 idp.example.edu &>/dev/null +#if [ $? -ne '0' ]; then +# echo "adding hosts record for idp..." 
+# echo '127.0.0.1 idp.example.edu' | sudo tee -a /etc/hosts +#fi + +# replace FROM line in IdP Dockerfile to newly-built local image +sed -i '/FROM/c\FROM ${imagename}_${tag}' ../test-compose/idp/Dockerfile echo "Attempting full-cycle test..." -webisoget -verbose -out ./lastpage.txt -formfile ./sptest.login -url https://sptest.example.edu:8443/secure/index.php +#webisoget -verbose -out ./lastpage.txt -formfile ./sptest.login -url https://sptest.example.edu:8443/secure/index.php + +#build docker container +pushd ../test-compose/webisoget/ +docker build -t webisoget . +popd + +docker run --net host -w /webisoget/ -it webisoget /bin/bash -c "rm -f lastpage.txt & webisoget -out ./lastpage.txt -maxhop 100 -timeout 120 -formfile /webisoget/sptest.login -url https://sptest.example.edu:8443/secure/index.php && cat lastpage.txt" > lastpage.txt + if [ -s ./lastpage.txt ]; then cat lastpage.txt | grep kwhite@example.edu &>/dev/null diff --git a/tests/main.bats b/tests/main.bats index d413ac6..4a8e488 100644 --- a/tests/main.bats +++ b/tests/main.bats 
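Review bot: The added `sed -i '/FROM/c\FROM ${imagename}_${tag}' ../test-compose/idp/Dockerfile` is single-quoted, so the shell never expands the variables and the IdP Dockerfile receives the literal text `FROM ${imagename}_${tag}`. The test would then not run against the newly built image. Use double quotes and anchor the match, for example `sed -i "s|^FROM .*|FROM ${imagename}_${tag}|" ../test-compose/idp/Dockerfile`, and consider editing a copy, because this rewrites a tracked file in place. On the `docker run` line, `-it` fails when Jenkins provides no TTY, and `rm -f lastpage.txt &` runs the delete in the background where it can race with webisoget writing the same file. Dropping `-it`, adding `--rm` and using `rm -f lastpage.txt;` avoids both. With the `/etc/hosts` additions now commented out, `--net host` presumably relies on the build node already resolving `sptest.example.edu` and `idp.example.edu`, and that precondition should be stated in a comment.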
@@ -2,55 +2,55 @@ load ../common -@test "010 Image is present and healthy" { - docker image inspect ${maintainer}/${imagename} -} - -@test "020 All key files are present" { - docker run --rm -i ${maintainer}/${imagename} \ - find \ - /opt/shibboleth-idp/credentials/idp-encryption.crt \ - /opt/shibboleth-idp/credentials/idp-encryption.key \ - /opt/shibboleth-idp/credentials/idp-signing.crt \ - /opt/shibboleth-idp/credentials/idp-signing.key \ - /usr/local/tomcat/ \ - /usr/bin/java -} - -@test "030 Port 443/https is listening" { - docker run -d ${maintainer}/${imagename} - sleep 25 - #get cont id - contid=$(docker ps | grep ${maintainer}/${imagename} | cut -f 1 -d ' ') - run docker exec -i ${contid} sh -c 'cat < /dev/null > /dev/tcp/127.0.0.1/443' - docker kill ${contid} &>/dev/null - docker rm ${contid} &>/dev/null - [ "$status" -eq 0 ] -} +#@test "010 Image is present and healthy" { +# docker image inspect ${maintainer}/${imagename} +#} -@test "040 The IdP Status page is present" { - docker run -d ${maintainer}/${imagename} - sleep 60 - contid2=$(docker ps | grep ${maintainer}/${imagename} | cut -f 1 -d ' ') - run docker exec -i ${contid2} sh -c 'curl -I -k -s -f https://127.0.0.1/idp/status' - docker kill ${contid2} &>/dev/null - docker rm ${contid2} &>/dev/null - [ "$status" -eq 0 ] -} +#@test "020 All key files are present" { +# docker run --rm -i ${maintainer}/${imagename} \ +# find \ +# /opt/shibboleth-idp/credentials/idp-encryption.crt \ +# /opt/shibboleth-idp/credentials/idp-encryption.key \ +# /opt/shibboleth-idp/credentials/idp-signing.crt \ +# /opt/shibboleth-idp/credentials/idp-signing.key \ +# /usr/local/tomcat/ \ +# /usr/bin/java +#} -@test "050 The version of Tomcat is current" { - ./tests/checktomcatver.sh ${maintainer}/${imagename} -} +#@test "030 Port 443/https is listening" { +# docker run -d ${maintainer}/${imagename} +# sleep 25 +# #get cont id +# contid=$(docker ps | grep ${maintainer}/${imagename} | cut -f 1 -d ' ') +# run docker exec -i 
${contid} sh -c 'cat < /dev/null > /dev/tcp/127.0.0.1/443' +# docker kill ${contid} &>/dev/null +# docker rm ${contid} &>/dev/null +# [ "$status" -eq 0 ] +#} -@test "060 The version of the IdP is current" { - ./tests/checkidpver.sh ${maintainer}/${imagename} -} +#@test "040 The IdP Status page is present" { +# docker run -d ${maintainer}/${imagename} +# sleep 60 +# contid2=$(docker ps | grep ${maintainer}/${imagename} | cut -f 1 -d ' ') +# run docker exec -i ${contid2} sh -c 'curl -I -k -s -f https://127.0.0.1/idp/status' +# docker kill ${contid2} &>/dev/null +# docker rm ${contid2} &>/dev/null +# [ "$status" -eq 0 ] +#} -#@test "070 There are no known security vulnerabilities" { -# ./tests/clairscan.sh ${maintainer}/${imagename}:latest +#@test "050 The version of Tomcat is current" { +# ./tests/checktomcatver.sh ${maintainer}/${imagename} #} -#@test "080 The IdP successfully completed a full-cycle test with an SP" { -# ./tests/fulltest.sh +#@test "060 The version of the IdP is current" { +# ./tests/checkidpver.sh ${maintainer}/${imagename} #} +##@test "070 There are no known security vulnerabilities" { +## ./tests/clairscan.sh ${maintainer}/${imagename}:latest +##} + +@test "080 The IdP successfully completed a full-cycle test with an SP" { + ./tests/fulltest.sh +} +
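Review bot: Tests 010 to 060 are commented out in the same change that enables 080, so the suite no longer checks that the credential files exist, that 443 is listening, or that the Tomcat and IdP versions are current, and the 070 vulnerability scan stays disabled. A green run now says nothing about whether the image ships outdated components. If this is temporary while the full-cycle test is brought up, keep the test bodies and put `skip "disabled while 080 full-cycle test is stabilised"` as the first line of each, so the gaps show up in the bats output instead of disappearing from it.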