Add tests to check server files after removal
The CI tests have been updated to check the files left on the
system after PKI server removal using pkidestroy and pki-server
remove commands.

Currently their behavior is inconsistent:

- pkidestroy will leave PKI server and subsystem log files
  under /var/log/pki/<instance> folder
- pki-server remove will remove all files

Ideally the behavior should be more consistent. That will be
addressed separately later.
edewata committed Apr 18, 2024
1 parent 656f08d commit a20d37b
Showing 6 changed files with 498 additions and 23 deletions.
80 changes: 77 additions & 3 deletions .github/workflows/ca-basic-test.yml
Expand Up @@ -56,7 +56,7 @@ jobs:
-D pki_ds_url=ldap://ds.example.com:3389 \
-v
- name: Check PKI server base dir
- name: Check PKI server base dir after installation
run: |
# check file types, owners, and permissions
docker exec pki ls -l /var/lib/pki/pki-tomcat \
Expand All @@ -81,10 +81,10 @@ jobs:
diff expected output
- name: Check PKI server conf dir
- name: Check PKI server conf dir after installation
run: |
# check file types, owners, and permissions
docker exec pki ls -l /var/lib/pki/pki-tomcat/conf/ \
docker exec pki ls -l /etc/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
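Review bot: the conf dir step now lists /etc/pki/pki-tomcat instead of /var/lib/pki/pki-tomcat/conf/, and the commit message does not mention this path change. If the two paths are meant to be equivalent, say so in the commit message or in a comment on the step; if they are not, the old path is no longer covered after installation and deserves its own check.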
Expand All @@ -109,6 +109,31 @@ jobs:
diff expected output
- name: Check PKI server logs dir after installation
run: |
# check file types, owners, and permissions
docker exec pki ls -l /var/log/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
DATE=$(date +'%Y-%m-%d')
# TODO: review permissions
cat > expected << EOF
drwxr-x--- pkiuser pkiuser backup
drwxrwx--- pkiuser pkiuser ca
-rw-rw-r-- pkiuser pkiuser catalina.$DATE.log
-rw-rw-r-- pkiuser pkiuser host-manager.$DATE.log
-rw-rw-r-- pkiuser pkiuser localhost.$DATE.log
-rw-r--r-- pkiuser pkiuser localhost_access_log.$DATE.txt
-rw-rw-r-- pkiuser pkiuser manager.$DATE.log
drwxr-xr-x pkiuser pkiuser pki
EOF
diff expected output
- name: Check CA base dir
run: |
# check file types, owners, and permissions
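Review bot: `DATE=$(date +'%Y-%m-%d')` in the logs dir step is evaluated in the step's shell on the runner, while the dated file names it is compared against come from `docker exec pki ls`, that is, from inside the container. If the container's timezone differs from the runner's, or the job crosses midnight between installation and this step, `diff expected output` fails for a reason unrelated to the files under test. Taking the date from the container (`docker exec pki date +'%Y-%m-%d'`) or rewriting the date part of the names to a fixed placeholder in the existing sed call would make the check deterministic.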
Expand Down Expand Up @@ -319,6 +344,55 @@ jobs:
- name: Remove CA
run: docker exec pki pkidestroy -i pki-tomcat -s CA -v

- name: Check PKI server base dir after removal
run: |
# check file types, owners, and permissions
docker exec pki ls -l /var/lib/pki/pki-tomcat \
> >(tee stdout) 2> >(tee stderr >&2) || true
cat > expected << EOF
ls: cannot access '/var/lib/pki/pki-tomcat': No such file or directory
EOF
diff expected stderr
- name: Check PKI server conf dir after removal
run: |
# check file types, owners, and permissions
docker exec pki ls -l /etc/pki/pki-tomcat \
> >(tee stdout) 2> >(tee stderr >&2) || true
cat > expected << EOF
ls: cannot access '/etc/pki/pki-tomcat': No such file or directory
EOF
diff expected stderr
- name: Check PKI server logs dir after removal
run: |
# check file types, owners, and permissions
docker exec pki ls -l /var/log/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
DATE=$(date +'%Y-%m-%d')
# TODO: review permissions
cat > expected << EOF
drwxr-x--- pkiuser pkiuser backup
drwxrwx--- pkiuser pkiuser ca
-rw-rw-r-- pkiuser pkiuser catalina.$DATE.log
-rw-rw-r-- pkiuser pkiuser host-manager.$DATE.log
-rw-rw-r-- pkiuser pkiuser localhost.$DATE.log
-rw-r--r-- pkiuser pkiuser localhost_access_log.$DATE.txt
-rw-rw-r-- pkiuser pkiuser manager.$DATE.log
drwxr-xr-x pkiuser pkiuser pki
EOF
diff expected output
- name: Check DS server systemd journal
if: always()
run: |
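Review bot: in the two "after removal" absence checks, `> >(tee stdout) 2> >(tee stderr >&2) || true` followed by `diff expected stderr` can compare against an incomplete file, because bash does not wait for the process substitutions to finish before running the next command. The check also depends on the exact wording of the `ls: cannot access ...` message, which varies with the locale and ls version in the container. Asserting absence directly, for example `! docker exec pki test -e /var/lib/pki/pki-tomcat`, removes both the race and the string dependency.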
82 changes: 79 additions & 3 deletions .github/workflows/kra-basic-test.yml
Expand Up @@ -103,7 +103,7 @@ jobs:
-D pki_ds_url=ldap://ds.example.com:3389 \
-v
- name: Check PKI server base dir
- name: Check PKI server base dir after installation
run: |
# check file types, owners, and permissions
docker exec pki ls -l /var/lib/pki/pki-tomcat \
Expand All @@ -129,10 +129,10 @@ jobs:
diff expected output
- name: Check PKI server conf dir
- name: Check PKI server conf dir after installation
run: |
# check file types, owners, and permissions
docker exec pki ls -l /var/lib/pki/pki-tomcat/conf/ \
docker exec pki ls -l /etc/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
Expand All @@ -158,6 +158,32 @@ jobs:
diff expected output
- name: Check PKI server logs dir after installation
run: |
# check file types, owners, and permissions
docker exec pki ls -l /var/log/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
DATE=$(date +'%Y-%m-%d')
# TODO: review permissions
cat > expected << EOF
drwxr-x--- pkiuser pkiuser backup
drwxrwx--- pkiuser pkiuser ca
-rw-rw-r-- pkiuser pkiuser catalina.$DATE.log
-rw-rw-r-- pkiuser pkiuser host-manager.$DATE.log
drwxrwx--- pkiuser pkiuser kra
-rw-rw-r-- pkiuser pkiuser localhost.$DATE.log
-rw-r--r-- pkiuser pkiuser localhost_access_log.$DATE.txt
-rw-rw-r-- pkiuser pkiuser manager.$DATE.log
drwxr-xr-x pkiuser pkiuser pki
EOF
diff expected output
- name: Check KRA base dir
run: |
# check file types, owners, and permissions
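Review bot: the expected listing under `# TODO: review permissions` fixes `-rw-rw-r--` on the Tomcat logs and `drwxr-xr-x` on `pki` as the passing state, so any later tightening of those modes will fail this step. Point the TODO at a tracking issue, or note in the step that these modes are recorded as-is rather than as the intended ones, so that whoever changes the permissions knows the test is expected to change with them.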
Expand Down Expand Up @@ -429,6 +455,56 @@ jobs:
- name: Remove CA
run: docker exec pki pkidestroy -i pki-tomcat -s CA -v

- name: Check PKI server base dir after removal
run: |
# check file types, owners, and permissions
docker exec pki ls -l /var/lib/pki/pki-tomcat \
> >(tee stdout) 2> >(tee stderr >&2) || true
cat > expected << EOF
ls: cannot access '/var/lib/pki/pki-tomcat': No such file or directory
EOF
diff expected stderr
- name: Check PKI server conf dir after removal
run: |
# check file types, owners, and permissions
docker exec pki ls -l /etc/pki/pki-tomcat \
> >(tee stdout) 2> >(tee stderr >&2) || true
cat > expected << EOF
ls: cannot access '/etc/pki/pki-tomcat': No such file or directory
EOF
diff expected stderr
- name: Check PKI server logs dir after removal
run: |
# check file types, owners, and permissions
docker exec pki ls -l /var/log/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
DATE=$(date +'%Y-%m-%d')
# TODO: review permissions
cat > expected << EOF
drwxr-x--- pkiuser pkiuser backup
drwxrwx--- pkiuser pkiuser ca
-rw-rw-r-- pkiuser pkiuser catalina.$DATE.log
-rw-rw-r-- pkiuser pkiuser host-manager.$DATE.log
drwxrwx--- pkiuser pkiuser kra
-rw-rw-r-- pkiuser pkiuser localhost.$DATE.log
-rw-r--r-- pkiuser pkiuser localhost_access_log.$DATE.txt
-rw-rw-r-- pkiuser pkiuser manager.$DATE.log
drwxr-xr-x pkiuser pkiuser pki
EOF
diff expected output
- name: Check PKI server systemd journal
if: always()
run: |
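Review bot: the "Check PKI server logs dir after removal" step expects exactly the same listing as the post-installation step, including the `ca` and `kra` subsystem folders, which turns the leftover-logs behaviour the commit message calls inconsistent into a required result. A comment in the step saying that this records the current pkidestroy behaviour and is expected to change would stop a future cleanup fix from being read as a regression. The copied `# TODO: review permissions` could be dropped here in favour of that note.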
82 changes: 79 additions & 3 deletions .github/workflows/ocsp-basic-test.yml
Expand Up @@ -103,7 +103,7 @@ jobs:
-D pki_ds_url=ldap://ds.example.com:3389 \
-v
- name: Check PKI server base dir
- name: Check PKI server base dir after installation
run: |
# check file types, owners, and permissions
docker exec pki ls -l /var/lib/pki/pki-tomcat \
Expand All @@ -129,10 +129,10 @@ jobs:
diff expected output
- name: Check PKI server conf dir
- name: Check PKI server conf dir after installation
run: |
# check file types, owners, and permissions
docker exec pki ls -l /var/lib/pki/pki-tomcat/conf/ \
docker exec pki ls -l /etc/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
Expand All @@ -158,6 +158,32 @@ jobs:
diff expected output
- name: Check PKI server logs dir after installation
run: |
# check file types, owners, and permissions
docker exec pki ls -l /var/log/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
DATE=$(date +'%Y-%m-%d')
# TODO: review permissions
cat > expected << EOF
drwxr-x--- pkiuser pkiuser backup
drwxrwx--- pkiuser pkiuser ca
-rw-rw-r-- pkiuser pkiuser catalina.$DATE.log
-rw-rw-r-- pkiuser pkiuser host-manager.$DATE.log
-rw-rw-r-- pkiuser pkiuser localhost.$DATE.log
-rw-r--r-- pkiuser pkiuser localhost_access_log.$DATE.txt
-rw-rw-r-- pkiuser pkiuser manager.$DATE.log
drwxrwx--- pkiuser pkiuser ocsp
drwxr-xr-x pkiuser pkiuser pki
EOF
diff expected output
- name: Check OCSP base dir
run: |
# check file types, owners, and permissions
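Review bot: this logs dir step is the third copy of the same block across ca-basic-test.yml, kra-basic-test.yml and ocsp-basic-test.yml; the only difference between them is the subsystem folder line (`kra`, `ocsp`) in the expected listing. Moving the ls/sed normalisation and the diff into a shared script that takes the directory and the expected file would keep the three workflows from drifting apart when the listing or the sed expression changes.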
Expand Down Expand Up @@ -534,6 +560,56 @@ jobs:
- name: Remove CA
run: docker exec pki pkidestroy -i pki-tomcat -s CA -v

- name: Check PKI server base dir after removal
run: |
# check file types, owners, and permissions
docker exec pki ls -l /var/lib/pki/pki-tomcat \
> >(tee stdout) 2> >(tee stderr >&2) || true
cat > expected << EOF
ls: cannot access '/var/lib/pki/pki-tomcat': No such file or directory
EOF
diff expected stderr
- name: Check PKI server conf dir after removal
run: |
# check file types, owners, and permissions
docker exec pki ls -l /etc/pki/pki-tomcat \
> >(tee stdout) 2> >(tee stderr >&2) || true
cat > expected << EOF
ls: cannot access '/etc/pki/pki-tomcat': No such file or directory
EOF
diff expected stderr
- name: Check PKI server logs dir after removal
run: |
# check file types, owners, and permissions
docker exec pki ls -l /var/log/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
DATE=$(date +'%Y-%m-%d')
# TODO: review permissions
cat > expected << EOF
drwxr-x--- pkiuser pkiuser backup
drwxrwx--- pkiuser pkiuser ca
-rw-rw-r-- pkiuser pkiuser catalina.$DATE.log
-rw-rw-r-- pkiuser pkiuser host-manager.$DATE.log
-rw-rw-r-- pkiuser pkiuser localhost.$DATE.log
-rw-r--r-- pkiuser pkiuser localhost_access_log.$DATE.txt
-rw-rw-r-- pkiuser pkiuser manager.$DATE.log
drwxrwx--- pkiuser pkiuser ocsp
drwxr-xr-x pkiuser pkiuser pki
EOF
diff expected output
- name: Upload artifacts
if: always()
uses: actions/upload-artifact@v4
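Review bot: the base dir and conf dir "after removal" steps keep the comment `# check file types, owners, and permissions`, but they only assert that the directory is gone. Update the comment to say so, and drop `> >(tee stdout)` if the `stdout` file is not used anywhere, since nothing in the step reads it.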