mirror of https://github.com/ovh/the-bastion
# vim: set filetype=sh ts=4 sw=4 sts=4 et:
# shellcheck shell=bash
# shellcheck disable=SC2086,SC2016,SC2046
# below: convoluted way that forces shellcheck to source our caller
# shellcheck source=tests/functional/launch_tests_on_instance.sh
. "$(dirname "${BASH_SOURCE[0]}")"/dummy
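# Functional tests for the bastion's admin and cron scripts: ACL/keys backup
# (with and without a GPG key), setup-gpg.sh key generation/import, the
# session/homedir/ttyrec housekeeping jobs, and ttyrec encryption.
#
# The helpers used below (success, script, run, contain, nocontain,
# retvalshouldbe, json) and the variables ($r0, $a0, $a1, $account1, $uid1,
# $account1key1file, $opt_remote_etc_bastion, $admins_gpg_key_pub*) are not
# defined in this file; presumably the launcher that sources it provides them.
# $r0/$a0/$a1 are deliberately left unquoted (SC2086 is disabled file-wide),
# presumably because they hold multi-word command prefixes -- confirm in the
# caller before quoting anything here.
testsuite_scripts()
{
    # try to backup without having a GPG key setup first
    # This pins the fail-open behaviour: the backup is still written, and the
    # script must say so explicitly ("will not be encrypted") rather than
    # silently producing a cleartext archive of ACLs and keys.

    success backup_config $r0 "\"echo DESTDIR='/root/backups' >> $opt_remote_etc_bastion/osh-backup-acl-keys.conf\""

    success backup_run_nokey $r0 /opt/bastion/bin/cron/osh-backup-acl-keys.sh
    contain "Creating /root/backups/backup-"
    contain "File created"
    contain "will not be encrypted"
    nocontain "Encrypting"
    contain "Done"
    # NOTE(review): no 'nocontain "WARN:"' here, unlike the keyed run below --
    # presumably the unencrypted notice is itself emitted as a warning; confirm.
    nocontain "ERROR:"
    nocontain "Unexpected termination"

    # generate & import keys

    success setup_keys_generate $r0 /opt/bastion/bin/admin/setup-gpg.sh --generate
    contain "autogenerated with"

    # The public key fixture is interpolated inside single quotes in the remote
    # command, so this only works while the fixture contains no single quote.
    # The key IDs asserted below must match the fixtures (defined elsewhere).
    script setup_keys_import $r0 "\"echo '$admins_gpg_key_pub' | /opt/bastion/bin/admin/setup-gpg.sh --import\""
    retvalshouldbe 0
    contain "Paste the admins"
    contain "50-gpg-admins-key.conf updated:"
    contain "50-gpg.conf updated:"
    contain "Parsed and added 1 keys"
    contain "GPGKEYS='1B72FD2C2215EA44'"
    contain '[ "1B72FD2C2215EA44" ]'
    nocontain "WARN:"
    nocontain "ERROR:"
    nocontain "Unexpected termination"

    # second import with --overwrite: both config files must be replaced, and
    # only the new key ID may end up configured as a recipient
    script setup_keys_import_2 $r0 "\"echo '$admins_gpg_key_pub_2' | /opt/bastion/bin/admin/setup-gpg.sh --import --overwrite\""
    retvalshouldbe 0
    contain "Paste the admins"
    contain "50-gpg-admins-key.conf already exists, but overwriting"
    contain "50-gpg.conf already exists, but overwriting"
    contain "Parsed and added 1 keys"
    contain "GPGKEYS='25305EA2FCA333C4'"
    contain '[ "25305EA2FCA333C4" ]'
    nocontain "WARN:"
    nocontain "ERROR:"
    nocontain "Unexpected termination"

    # remove the generated config so the next import runs without --overwrite
    success setup_keys_clear $r0 "\"rm -f $opt_remote_etc_bastion/osh-encrypt-rsync.conf.d/50-gpg-admins-key.conf $opt_remote_etc_bastion/osh-backup-acl-keys.conf.d/50-gpg.conf\""

    # import a fixture holding two public keys; the regexes accept the two key
    # IDs in either order
    script setup_keys_import_3 $r0 "\"echo '$admins_gpg_key_pub_double' | /opt/bastion/bin/admin/setup-gpg.sh --import\""
    retvalshouldbe 0
    contain "Paste the admins"
    contain "50-gpg-admins-key.conf updated:"
    contain "50-gpg.conf updated:"
    contain "Parsed and added 2 keys"
    contain REGEX "GPGKEYS='(CF27BEC1C8266FFE EC6CEA6719EF3700|EC6CEA6719EF3700 CF27BEC1C8266FFE)'"
    contain REGEX '("CF27BEC1C8266FFE", "EC6CEA6719EF3700"|"EC6CEA6719EF3700", "CF27BEC1C8266FFE")'
    nocontain "WARN:"
    nocontain "ERROR:"
    nocontain "Unexpected termination"

    # backup again
    # With recipients configured, the run must encrypt and must no longer print
    # the "will not be encrypted" notice.

    success backup_run_key $r0 /opt/bastion/bin/cron/osh-backup-acl-keys.sh
    contain "Creating /root/backups/backup-"
    contain "File created"
    nocontain "will not be encrypted"
    contain "Encrypting"
    contain "Done"
    nocontain "WARN:"
    nocontain "ERROR:"
    nocontain "Unexpected termination"

    # lingering sessions reaper

    success lingering_sessions_reaper $r0 /opt/bastion/bin/cron/osh-lingering-sessions-reaper.sh
    contain "Done"
    nocontain "WARN:"
    nocontain "ERROR:"
    nocontain "Unexpected termination"

    # orphaned homedirs

    success orphaned_homedirs $r0 /opt/bastion/bin/cron/osh-orphaned-homedir.sh
    contain "master instance"
    nocontain "WARN:"
    nocontain "ERROR:"
    nocontain "Unexpected termination"

    # piv grace reaper is handled in 400-piv.sh

    # ttyrec rotate

    success rotate_ttyrec $r0 /opt/bastion/bin/cron/osh-rotate-ttyrec.sh
    contain "Done"
    nocontain "WARN:"
    nocontain "ERROR:"
    nocontain "Unexpected termination"

    # cleanup guest key access
    # NOTE(review): the .pl scripts are not checked for "Unexpected
    # termination", unlike the .sh ones -- presumably only the shell scripts
    # can print that message; confirm.

    success cleanup_guest_key_access $r0 /opt/bastion/bin/cron/osh-cleanup-guest-key-access.pl
    contain "Done"
    nocontain "WARN:"
    nocontain "ERROR:"

    # encrypt rsync (nothing to encrypt)

    success encrypt_rsync_none $r0 /opt/bastion/bin/cron/osh-encrypt-rsync.pl
    contain 'Config test passed'
    contain "Done"
    nocontain "WARN:"
    nocontain "ERROR:"

    # ttyrec subfolders cleanup

    success ttyrec_cleanup $r0 /opt/bastion/bin/cron/osh-remove-empty-folders.sh
    contain "Done"
    nocontain "WARN:"
    nocontain "ERROR:"
    nocontain "Unexpected termination"

    # create an account and connect once to have a ttyrec file

    success a0_create_a1 $a0 --osh accountCreate --always-active --account $account1 --uid $uid1 --public-key "\"$(cat $account1key1file.pub)\""
    json .error_code OK .command accountCreate .value null

    success a0_allow_a1 $a0 --osh accountAddPersonalAccess --account $account1 --host 127.0.0.1 --user none --port 22
    json .error_code OK .command accountAddPersonalAccess

    # no assertion follows this step: it is only here to produce a recorded
    # session for the encryption run below
    run a1_connect $a1 none@127.0.0.1

    # encrypt rsync (one file to encrypt)
    # The step label used to be "encrypt_rsync_none", the same as the
    # nothing-to-encrypt run above, which made a failure report ambiguous.
    # If labels are referenced elsewhere (skip lists, log names), update them.

    success encrypt_rsync_one $r0 /opt/bastion/bin/cron/osh-encrypt-rsync.pl --force-encrypt --encrypt-only
    contain 'Config test passed'
    contain "Creating"
    contain "Encrypting"
    contain ".gpg"
    contain "Done"
    nocontain "WARN:"
    nocontain "ERROR:"
    nocontain "Unexpected termination"

    # cleanup account

    success a0_delete_a1 $a0 --osh accountDelete --account $account1 --no-confirm
}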
# Execute the suite as soon as this file is loaded.
testsuite_scripts
# Drop the function afterwards so its definition does not linger in the shell that loaded this file.
unset -f testsuite_scripts