add bats tests

Dockerfile

@@ -6,11 +6,11 @@ FROM centos:centos7
 #
 ##tomcat \
 ENV TOMCAT_MAJOR=9 \
-    TOMCAT_VERSION=9.0.11 \
+    TOMCAT_VERSION=9.0.12 \
 ##shib-idp \
     VERSION=3.3.3 \
 ##TIER \
-    TIERVERSION=180802 \
+    TIERVERSION=181001 \
 ################## \
 ### OTHER VARS ### \
 ################## \
@@ -231,5 +231,4 @@ EXPOSE 443
 HEALTHCHECK --interval=2m --timeout=30s \
   CMD curl -k -f https://127.0.0.1/idp/status || exit 1
 
-
 CMD ["/usr/bin/startup.sh"]

Jenkinsfile

@@ -19,8 +19,8 @@ node('docker') {
 
     checkout scm
 
-  stage 'Acquire util'
-    
+  stage 'Acquire util files'
+
     sh 'mkdir -p tmp && mkdir -p bin'
     dir('tmp'){
       git([ url: "https://github.internet2.edu/docker/util.git",
@@ -51,6 +51,7 @@ node('docker') {
      }
 
   stage 'Build'
+
     try{
       sh 'bin/rebuild.sh &> debug'
     } catch(error) {
@@ -59,6 +60,17 @@ node('docker') {
       sh "rm -f ./debug"
       handleError(message)
     }
+
+  stage 'Test'
+
+    try {
+      sh 'bin/test.sh 2>&1 | tee debug ; test ${PIPESTATUS[0]} -eq 0'
+    } catch (error) {
+      def error_details = readFile('./debug')
+      def message = "BUILD ERROR: There was a problem testing ${imagename}:${tag}. \n\n ${error_details}"
+      sh "rm -f ./debug"
+      handleError(message)
+    } 
 
   stage 'Push'
 
@@ -68,7 +80,7 @@ node('docker') {
     }
 
   stage 'Notify'
-  
+
     slackSend color: 'good', message: "$maintainer/$imagename:$tag pushed to DockerHub"
 
 }

tests/checkidpver.sh

@@ -0,0 +1,66 @@
+#!/bin/bash
+
+launchflag="no"
+kill_launched_containers() {
+  if [ ${launchflag} == 'yes' ]; then
+    echo 'removing container...'
+    docker kill ${contid} &>/dev/null
+    docker rm ${contid} &>/dev/null
+  fi
+}
+
+#determine whether to get running version from container or local instance
+which docker &>/dev/null
+if [ $? == '0' ]; then
+  if [ $# -lt '1' ]; then
+    echo "Docker detected, but no container name passed in... Terminating."
+    echo ""
+    exit 1
+  fi
+
+  #ensure container is running
+  docker ps | grep $1 &>/dev/null
+  if [  $? -ne '0' ]; then
+     docker run -d $1 &>/dev/null
+     launchflag="yes"
+     echo 'launching container (will take about a minute)...'
+     sleep 60
+  fi
+
+  #get container ID
+  export contid=$(docker ps | grep $1 | cut -f 1 -d ' ')
+
+  if [ -z "$contid" ]; then
+	echo "Specified container does not appear to be running...  Terminating."
+	echo ""
+	exit 1
+  fi
+
+  #get version from running status page inside container
+  export shibver=$(docker exec ${contid} /usr/bin/curl -k -s https://127.0.0.1/idp/status | grep idp_version | cut -f 2 -d ':' | xargs)
+else
+  #get version from running status page on local install
+  export shibver=$(curl -k -s https://127.0.0.1/idp/status | grep idp_version | cut -f 2 -d ':' | xargs)
+fi
+
+if [ -z "$(echo $shibver | xargs)" ]; then
+      echo "Unable to determine version from a running instance...  Terminating."
+      echo ""
+      exit 1
+fi
+
+#check if that version is available in the 'latest' download area (return is 0 if current, non-zero if not current)
+wget -q --spider https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-${shibver}.tar.gz
+
+if [  $? == '0' ]; then
+  echo "Running IdP version (${shibver}) is current!"
+  kill_launched_containers
+  echo ""
+  exit 0
+else
+  echo "Running IdP version (${shibver}) is NOT current."
+  kill_launched_containers
+  echo ""
+  exit 1
+fi
+

tests/checktomcatver.sh

@@ -0,0 +1,67 @@
+#!/bin/bash
+
+launchflag="no"
+kill_launched_containers() {
+  if [ ${launchflag} == 'yes' ]; then
+    echo 'removing container...'
+    docker kill ${contid} &>/dev/null
+    docker rm ${contid} &>/dev/null
+  fi
+}
+
+#determine whether to get running version from container or local instance
+which docker &>/dev/null
+if [ $? == '0' ]; then
+  if [ $# -lt '1' ]; then
+    echo "Docker detected, but no container name passed in... Terminating."
+    echo ""
+    exit 1
+  fi
+
+  #ensure container is running
+  docker ps | grep $1 &>/dev/null
+  if [  $? -ne '0' ]; then
+     docker run -d $1 &>/dev/null
+     launchflag="yes"
+     echo 'launching container (will take several seconds)...'
+     sleep 30
+  fi
+
+  #get container ID
+  export contid=$(docker ps | grep $1 | cut -f 1 -d ' ')
+
+  if [ -z "$contid" ]; then
+	echo "Specified container does not appear to be running...  Terminating."
+	echo ""
+	exit 1
+  fi
+
+  #get version from running status page inside container
+  export tomcatver=$(docker exec ${contid} /usr/local/tomcat/bin/version.sh | grep "Server version" | cut -f 2 -d ':' | cut -f 2 -d '/')
+else
+  echo "Local install of tomcat not supported by this script...  Terminating."
+  echo ""
+  exit 1
+fi
+
+if [ -z "$(echo $tomcatver | xargs)" ]; then
+      echo "Unable to determine tomcat version from a running instance...  Terminating."
+      echo ""
+      exit 1
+fi
+
+#check if that version of tomcat is available in the download area (return is 0 if current, non-zero if not current)
+wget -q --spider http://apache.mirrors.ionfish.org/tomcat/tomcat-9/v${tomcatver}/bin/apache-tomcat-${tomcatver}.tar.gz
+
+if [  $? == '0' ]; then
+  echo "Running Tomcat version (${tomcatver}) is current!"
+  kill_launched_containers
+  echo ""
+  exit 0
+else
+  echo "Running Tomcat version (${tomcatver}) is NOT current."
+  kill_launched_containers
+  echo ""
+  exit 1
+fi
+

tests/main.bats

@@ -0,0 +1,65 @@
+#!/usr/bin/env bats
+
+load ../common
+
+@test "010 Image is present and healthy" {
+    docker image inspect ${maintainer}/${imagename}:${tag}
+}
+
+@test "020 All key files are present" {
+    docker run --rm -i ${maintainer}/${imagename}:${tag} \
+	find \
+		/opt/shibboleth-idp/credentials/idp-encryption.crt \
+		/opt/shibboleth-idp/credentials/idp-encryption.key \
+		/opt/shibboleth-idp/credentials/idp-signing.crt \
+		/opt/shibboleth-idp/credentials/idp-signing.key \
+		/usr/local/tomcat/ \
+		/usr/bin/java
+}
+
+@test "030 Port 443/https is listening" {
+    docker run -d ${maintainer}/${imagename}:${tag}
+    sleep 25
+    #get cont id
+    contid=$(docker ps | grep ${maintainer}/${imagename}:${tag} | cut -f 1 -d ' ')
+    run docker exec -i ${contid} sh -c 'cat < /dev/null > /dev/tcp/127.0.0.1/443'
+    docker kill ${contid} &>/dev/null
+    docker rm ${contid} &>/dev/null
+    [ "$status" -eq 0 ]
+}
+
+@test "040 The IdP Status page is present" {
+    docker run -d ${maintainer}/${imagename}:${tag}
+    sleep 60
+    contid2=$(docker ps | grep ${maintainer}/${imagename}:${tag} | cut -f 1 -d ' ')
+    run docker exec -i ${contid2} sh -c 'curl -I -k -s -f https://127.0.0.1/idp/status'
+    docker kill ${contid2} &>/dev/null
+    docker rm ${contid2} &>/dev/null
+    [ "$status" -eq 0 ]
+}
+
+@test "050 The version of Tomcat is current" {
+    ./checktomcatver.sh ${maintainer}/${imagename}:${tag}
+}
+
+@test "060 The version of the IdP is current" {
+    ./checkidpver.sh ${maintainer}/${imagename}:${tag}
+}
+
+@test "070 There are no known security vulnerabilities" {
+    if [ ! -s ./clair-scanner ]; then
+       curl -L -o ./clair-scanner https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
+       chmod 755 clair-scanner
+    fi
+    docker run -p 5432:5432 -d --name db arminc/clair-db:latest
+    sleep 15
+    docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.5
+    sleep 30
+    ./clair-scanner --ip 172.17.0.1 ${maintainer}/${imagename}:${tag}
+    docker kill clair
+    docker rm clair
+    docker kill db
+    docker rm db
+}
+
+