
add bats tests

pcaskey committed Oct 5, 2018
1 parent 6f484c4 commit b729d768005fa373fc6e0008cb040fdbd943a0da
Showing with 215 additions and 6 deletions.
  1. +2 −3 Dockerfile
  2. +15 −3 Jenkinsfile
  3. +66 −0 tests/checkidpver.sh
  4. +67 −0 tests/checktomcatver.sh
  5. +65 −0 tests/main.bats
@@ -6,11 +6,11 @@ FROM centos:centos7
#
##tomcat \
ENV TOMCAT_MAJOR=9 \
TOMCAT_VERSION=9.0.11 \
TOMCAT_VERSION=9.0.12 \
##shib-idp \
VERSION=3.3.3 \
##TIER \
TIERVERSION=180802 \
TIERVERSION=181001 \
################## \
### OTHER VARS ### \
################## \
@@ -231,5 +231,4 @@ EXPOSE 443
HEALTHCHECK --interval=2m --timeout=30s \
CMD curl -k -f https://127.0.0.1/idp/status || exit 1


CMD ["/usr/bin/startup.sh"]
@@ -19,8 +19,8 @@ node('docker') {

checkout scm

stage 'Acquire util'
stage 'Acquire util files'

sh 'mkdir -p tmp && mkdir -p bin'
dir('tmp'){
git([ url: "https://github.internet2.edu/docker/util.git",
@@ -51,6 +51,7 @@ node('docker') {
}

stage 'Build'

try{
sh 'bin/rebuild.sh &> debug'
} catch(error) {
@@ -59,6 +60,17 @@ node('docker') {
sh "rm -f ./debug"
handleError(message)
}

stage 'Test'

try {
sh 'bin/test.sh 2>&1 | tee debug ; test ${PIPESTATUS[0]} -eq 0'
} catch (error) {
def error_details = readFile('./debug')
def message = "BUILD ERROR: There was a problem testing ${imagename}:${tag}. \n\n ${error_details}"
sh "rm -f ./debug"
handleError(message)
}

stage 'Push'

@@ -68,7 +80,7 @@ node('docker') {
}

stage 'Notify'

slackSend color: 'good', message: "$maintainer/$imagename:$tag pushed to DockerHub"

}
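Review bot: In the added Test stage, `test ${PIPESTATUS[0]} -eq 0` depends on the bash-only `PIPESTATUS` array, but the Jenkins `sh` step runs the agent's default shell unless the script begins with an interpreter line. On an agent where `/bin/sh` is not bash the expansion is rejected and the stage fails whatever `bin/test.sh` returned, which hides the real result of the security tests. Making the step's script start with `#!/bin/bash` followed by `set -o pipefail`, and then running just `bin/test.sh 2>&1 | tee debug`, keeps the exit status without the array. The catch block also labels a test failure as `BUILD ERROR`, so a message such as `TEST ERROR: ...` would let the notification distinguish the two stages.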
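--- a/tests/checkidpver.sh
+++ b/tests/checkidpver.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+launchflag="no"
+kill_launched_containers() {
+if [ ${launchflag} == 'yes' ]; then
+echo 'removing container...'
+docker kill ${contid} &>/dev/null
+docker rm ${contid} &>/dev/null
+fi
+}
+
+#determine whether to get running version from container or local instance
+which docker &>/dev/null
+if [ $? == '0' ]; then
+if [ $# -lt '1' ]; then
+echo "Docker detected, but no container name passed in... Terminating."
+echo ""
+exit 1
+fi
+
+#ensure container is running
+docker ps | grep $1 &>/dev/null
+if [ $? -ne '0' ]; then
+docker run -d $1 &>/dev/null
+launchflag="yes"
+echo 'launching container (will take about a minute)...'
+sleep 60
+fi
+
+#get container ID
+export contid=$(docker ps | grep $1 | cut -f 1 -d ' ')
+
+if [ -z "$contid" ]; then
+echo "Specified container does not appear to be running... Terminating."
+echo ""
+exit 1
+fi
+
+#get version from running status page inside container
+export shibver=$(docker exec ${contid} /usr/bin/curl -k -s https://127.0.0.1/idp/status | grep idp_version | cut -f 2 -d ':' | xargs)
+else
+#get version from running status page on local install
+export shibver=$(curl -k -s https://127.0.0.1/idp/status | grep idp_version | cut -f 2 -d ':' | xargs)
+fi
+
+if [ -z "$(echo $shibver | xargs)" ]; then
+echo "Unable to determine version from a running instance... Terminating."
+echo ""
+exit 1
+fi
+
+#check if that version is available in the 'latest' download area (return is 0 if current, non-zero if not current)
+wget -q --spider https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-${shibver}.tar.gz
+
+if [ $? == '0' ]; then
+echo "Running IdP version (${shibver}) is current!"
+kill_launched_containers
+echo ""
+exit 0
+else
+echo "Running IdP version (${shibver}) is NOT current."
+kill_launched_containers
+echo ""
+exit 1
+fi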
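Review bot: The container is identified with `docker ps | grep $1 | cut -f 1 -d ' '`, which treats the unquoted image name as a regular expression and returns every matching line, so `contid` can hold another container's ID or several IDs, and the later `docker exec`, `docker kill` and `docker rm` act on whatever was matched. For the self-started case the ID can be captured directly with `contid=$(docker run -d "$1")`, and for an already running container `docker ps -q --filter "ancestor=$1"` avoids the text match. The two early `exit 1` paths (empty `contid`, empty `shibver`) also bypass `kill_launched_containers`, leaving a container started by the script running on the CI host; `trap kill_launched_containers EXIT` placed after the function definition would cover every exit. The same lookup and early exits appear in tests/checktomcatver.sh and, for the lookup, in tests 030 and 040 of tests/main.bats.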

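--- a/tests/checktomcatver.sh
+++ b/tests/checktomcatver.sh
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+launchflag="no"
+kill_launched_containers() {
+if [ ${launchflag} == 'yes' ]; then
+echo 'removing container...'
+docker kill ${contid} &>/dev/null
+docker rm ${contid} &>/dev/null
+fi
+}
+
+#determine whether to get running version from container or local instance
+which docker &>/dev/null
+if [ $? == '0' ]; then
+if [ $# -lt '1' ]; then
+echo "Docker detected, but no container name passed in... Terminating."
+echo ""
+exit 1
+fi
+
+#ensure container is running
+docker ps | grep $1 &>/dev/null
+if [ $? -ne '0' ]; then
+docker run -d $1 &>/dev/null
+launchflag="yes"
+echo 'launching container (will take several seconds)...'
+sleep 30
+fi
+
+#get container ID
+export contid=$(docker ps | grep $1 | cut -f 1 -d ' ')
+
+if [ -z "$contid" ]; then
+echo "Specified container does not appear to be running... Terminating."
+echo ""
+exit 1
+fi
+
+#get version from running status page inside container
+export tomcatver=$(docker exec ${contid} /usr/local/tomcat/bin/version.sh | grep "Server version" | cut -f 2 -d ':' | cut -f 2 -d '/')
+else
+echo "Local install of tomcat not supported by this script... Terminating."
+echo ""
+exit 1
+fi
+
+if [ -z "$(echo $tomcatver | xargs)" ]; then
+echo "Unable to determine tomcat version from a running instance... Terminating."
+echo ""
+exit 1
+fi
+
+#check if that version of tomcat is available in the download area (return is 0 if current, non-zero if not current)
+wget -q --spider http://apache.mirrors.ionfish.org/tomcat/tomcat-9/v${tomcatver}/bin/apache-tomcat-${tomcatver}.tar.gz
+
+if [ $? == '0' ]; then
+echo "Running Tomcat version (${tomcatver}) is current!"
+kill_launched_containers
+echo ""
+exit 0
+else
+echo "Running Tomcat version (${tomcatver}) is NOT current."
+kill_launched_containers
+echo ""
+exit 1
+fi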
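Review bot: The currency check on the `wget -q --spider http://apache.mirrors.ionfish.org/...` line runs over plaintext HTTP against a third-party mirror, so the verdict of this patch-level gate depends on an unauthenticated response; any intermediary that answers the request successfully makes an outdated Tomcat report as current. In the other direction, every non-zero wget status is printed as "NOT current", although wget exits 4 for a network failure and 8 for a server error response such as a 404, so an unreachable or retired mirror fails the build for an up-to-date image. Pointing the check at an HTTPS download host operated by the Apache project and testing the exit code explicitly, e.g. `rc=$?; if [ "$rc" -eq 8 ]; then ... NOT current ...; elif [ "$rc" -ne 0 ]; then ... check could not be performed ...`, would separate the two outcomes. A header comment stating that "current" here means "still present in the mirror's tomcat-9 directory" would also document the heuristic the test relies on.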

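--- a/tests/main.bats
+++ b/tests/main.bats
@@ -0,0 +1,65 @@
+#!/usr/bin/env bats
+
+load ../common
+
+@test "010 Image is present and healthy" {
+docker image inspect ${maintainer}/${imagename}:${tag}
+}
+
+@test "020 All key files are present" {
+docker run --rm -i ${maintainer}/${imagename}:${tag} \
+find \
+/opt/shibboleth-idp/credentials/idp-encryption.crt \
+/opt/shibboleth-idp/credentials/idp-encryption.key \
+/opt/shibboleth-idp/credentials/idp-signing.crt \
+/opt/shibboleth-idp/credentials/idp-signing.key \
+/usr/local/tomcat/ \
+/usr/bin/java
+}
+
+@test "030 Port 443/https is listening" {
+docker run -d ${maintainer}/${imagename}:${tag}
+sleep 25
+#get cont id
+contid=$(docker ps | grep ${maintainer}/${imagename}:${tag} | cut -f 1 -d ' ')
+run docker exec -i ${contid} sh -c 'cat < /dev/null > /dev/tcp/127.0.0.1/443'
+docker kill ${contid} &>/dev/null
+docker rm ${contid} &>/dev/null
+[ "$status" -eq 0 ]
+}
+
+@test "040 The IdP Status page is present" {
+docker run -d ${maintainer}/${imagename}:${tag}
+sleep 60
+contid2=$(docker ps | grep ${maintainer}/${imagename}:${tag} | cut -f 1 -d ' ')
+run docker exec -i ${contid2} sh -c 'curl -I -k -s -f https://127.0.0.1/idp/status'
+docker kill ${contid2} &>/dev/null
+docker rm ${contid2} &>/dev/null
+[ "$status" -eq 0 ]
+}
+
+@test "050 The version of Tomcat is current" {
+./checktomcatver.sh ${maintainer}/${imagename}:${tag}
+}
+
+@test "060 The version of the IdP is current" {
+./checkidpver.sh ${maintainer}/${imagename}:${tag}
+}
+
+@test "070 There are no known security vulnerabilities" {
+if [ ! -s ./clair-scanner ]; then
+curl -L -o ./clair-scanner https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
+chmod 755 clair-scanner
+fi
+docker run -p 5432:5432 -d --name db arminc/clair-db:latest
+sleep 15
+docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.5
+sleep 30
+./clair-scanner --ip 172.17.0.1 ${maintainer}/${imagename}:${tag}
+docker kill clair
+docker rm clair
+docker kill db
+docker rm db
+}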
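Review bot: Test 070 fetches `clair-scanner` with `curl -L` and executes it on the CI host without any integrity check, and because `-f` is absent an HTTP error page is saved under that name and then satisfies the `-s` test on later runs. A job that drives the Docker daemon should verify the binary before `chmod`, for example `curl -fL -o ./clair-scanner ...` followed by `echo "<EXPECTED_SHA256>  clair-scanner" | sha256sum -c -`, where the placeholder is the digest of the reviewed v8 release. bats stops a test at the first failing command, so when the scanner reports findings the `docker kill`/`docker rm` lines are skipped and the next run's `docker run --name db` fails on the name conflict; moving that cleanup into a `teardown` function keeps it unconditional. The `-p 5432:5432` publish also exposes the database on every host interface although `clair` reaches it through `--link`, so it can be dropped.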

