// Copyright (C) 2015-2022 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
/**
@page unitTests Building Kea with Unit Tests
By default, Kea is built without unit-tests as they're used mostly by
developers and prospective contributors. Kea's unit-tests are using
gtest framework from
Google. Google's approach has changed over the years. For some time,
they were very keen on not installing gtest as a normal software would
be, but rather provide gtest as sources. This was further complicated
with the fact that some Linux distributions packaged gtest and tried
to mimic its installation. Kea tries its best to accommodate all typical
situations and provides two switches to point to gtest. You can use
`--with-gtest` or `--with-gtest-source`. Both attempt to locate gtest
on their own. However, if neither of them can find it, you can specify
the path explicitly. For example, on ubuntu with googletest package installed,
you can do the following for Kea to find it:
@code
sudo apt install googletest
./configure --with-gtest-source=/usr/src/googletest
@endcode
Depending on how you compiled or installed \c gtest (e.g. from sources
or using some package management system) one of those two switches will
find \c gtest. After that you make and run the unit-tests with:
@code
make
make check
@endcode
As usual, using \c -jX option will speed up compilation. This parameter is
even more useful for unit-tests as there are over 6000 unit-tests and their
compilation is significantly slower than just the production Kea sources.
Kea should work with reasonably recent gtest versions. We recently tried
with 1.7.0, 1.8.0, 1.8.1 and 1.10.0.
@section unitTestsEnvironmentVariables Environment Variables
The following environment variable can affect the unit tests:
- KEA_LOCKFILE_DIR - Specifies a directory where the logging system should
create its lock file. If not specified, it is prefix/var/run/kea,
where prefix defaults to /usr/local. This variable must not end
with a slash. There is one special value, "none", which instructs Kea to
not create a lock file at all. This may cause issues if several processes
log to the same file. (Also see the Kea User's Guide, section 15.3.)
- KEA_LOGGER_DESTINATION - Specifies the logging destination. If not set, logged
messages will not be recorded anywhere. There are three special values:
stdout, stderr and syslog. Any other value is interpreted as a filename.
(Also see Kea User's Guide, section 15.3.)
- KEA_LOG_CHECK_VERBOSE - Specifies the log check default verbosity. If not
set, unit tests using the log utils to verify that logs are generated as
expected are by default silent. If set, these unit tests display real
and expected logs.
- KEA_MYSQL_HAVE_SSL - Specifies the SSL/TLS support status of MySQL.
When not set the corresponding MySQL global variable is read and
the environment of the unit test process is updated so usually this
variable is manually set only in order to enforce a particular status.
- KEA_PIDFILE_DIR - Specifies the directory which should be used for PID files
as used by dhcp::Daemon or its derivatives. If not specified, the
default is prefix/var/run/kea, where prefix defaults to
/usr/local. This variable must not end with a slash.
- KEA_SOCKET_TEST_DIR - If set, it specifies the directory where Unix
sockets are created. There is an operating system limitation on how
long a Unix socket path can be, typically slightly over 100
characters. By default unit-tests create sockets in temporary folder
under /tmp folder. KEA_SOCKET_TEST_DIR can be specified to instruct
unit-tests to use a different directory. It must not end with slash.
- KEA_TEST_DB_WIPE_DATA_ONLY - Unit tests which use a Kea unit test
database take steps to ensure they are starting with an empty database
of the correct schema version. The first step taken is to simply
delete the transient data (such as leases, reservations, etc..), provided
the schema exists and is the expected version. If the schema does not
exist, is not the expected version, or for some reason the data wipe fails,
the schema will be dropped and recreated. Setting this value to "false"
will cause the test setup logic to always drop and create the database
schema. The default value is "true".
- KEA_TLS_CHECK_VERBOSE - Specifies the TLS check default verbosity. If not
set, TLS unit tests triggering expected failures are by default silent.
If set, these TLS unit tests display the error messages which are very
dependent on the cryptographic backend and boost library versions.
@note Setting KEA_TEST_DB_WIPE_DATA_ONLY to false may dramatically
increase the time it takes each unit test to execute.
- GTEST_OUTPUT - Save the test results in XML files. Make it point to a location
where a file or directory can be safely created. If there is no file or
directory at that location, adding a trailing slash
`GTEST_OUTPUT=${PWD}/test-results/` will create a directory containing an XML
file for each directory being tested. Leaving the slash out will create a single
XML file and will put all the test results in it.
- DEBUG - Set this variable to make shell tests output the commands that are
run. They are shown just before they are effectively run. Can be set to
anything e.g. `DEBUG=true`. `unset DEBUG` to remove this behavior.
@section unitTestsSanitizers Use Sanitizers
GCC and LLVM support some sanitizers which perform additional tests
at runtime, for instance the ThreadSanitizer (aka TSan) detects data
race in executed C++ code (unfortunately on macOS it intercepts
signals and fails to send them to waiting select system calls so
some tests always fail when it is used, experiments are run with
different versions of Tsan).
The simplest way to enable a sanitizer is to add it to the CXXFLAGS
environment variable in .configure by e.g. -fsanitize=thread.
When enabling lcov (code coverage), some gtest functions are detected as
not being thread safe. It is recommended to disable lcov when enabling
thread sanitizer.
@section unitTestsDatabaseConfig Databases Configuration for Unit Tests
With the use of databases requiring separate authorisation, there are
certain database-specific pre-requisites for successfully running the unit
tests. These are listed in the following sections.
@subsection unitTestsDatabaseUsers Database Users Required for Unit Tests
Unit tests validating database backends require that the keatest
database is created. This database should be empty. The unit tests
also require that the keatest user is created and that this user
is configured to access the database with a password of keatest.
Unit tests use these credentials to create database schema, run test cases
and drop the schema. Thus, the keatest user must have sufficiently
high privileges to create and drop tables, as well as insert and modify the
data within those tables.
The database backends which support read only access to the host
reservations databases (currently MySQL and PostgreSQL) include unit
tests verifying that a database user with read-only privileges can be
used to retrieve host reservations. Those tests require another user,
keatest_readonly, with SQL SELECT privilege to the keatest
database (i.e. without INSERT, UPDATE etc.), is also created.
keatest_readonly should also have the password keatest.
The following sections provide step-by-step guidelines how to setup the
databases for running unit tests.
@subsection mysqlUnitTestsPrerequisites MySQL Database
The steps to create the database and users are:
-# Log into MySQL as root:
@verbatim
% mysql -u root -p
Enter password:
:
mysql>@endverbatim\n
-# Create the test database. This must be called "keatest":
@verbatim
mysql> CREATE DATABASE keatest;
mysql>@endverbatim\n
-# Create the users under which the test client will connect to the database
(the apostrophes around the words keatest, keatest_readonly, and
localhost are required):
@verbatim
mysql> CREATE USER 'keatest'@'localhost' IDENTIFIED BY 'keatest';
mysql> CREATE USER 'keatest_readonly'@'localhost' IDENTIFIED BY 'keatest';
mysql> CREATE USER 'keatest_secure'@'localhost' IDENTIFIED BY 'keatest';
mysql> ALTER USER 'keatest_secure'@'localhost' REQUIRE X509;
mysql>@endverbatim\n
Some old versions of MySQL do not support the REQUIRE keyword in ALTER
USER. Fortunately all versions support it in GRANT even if it is less secure
as the requirement will apply only to commands for the database instead
to all connections so all commands. And of course in production many
stronger requirements are available: X509 only requires the user to
present a certificate: you can specify which certificate by requiring
for instance a particular Subject Name, etc.
-# Grant the created users permissions to access the keatest database
(again, the apostrophes around the user names and localhost
are required):
@verbatim
mysql> GRANT ALL ON keatest.* TO 'keatest'@'localhost';
mysql> GRANT SELECT ON keatest.* TO 'keatest_readonly'@'localhost';
mysql> GRANT ALL ON keatest.* TO 'keatest_secure'@'localhost';
mysql>@endverbatim\n
When the REQUIRE in ALTER USER is not supported change the last line by:
@verbatim
mysql> GRANT ALL ON keatest.* TO 'keatest_secure'@'localhost' REQUIRE X509;
mysql>@endverbatim\n
-# If you get You do not have the SUPER privilege and binary logging is
enabled error message, you need to add:
@verbatim
mysql> SET GLOBAL LOG_BIN_TRUST_FUNCTION_CREATORS = 1;
mysql>@endverbatim\n
-# Exit MySQL:
@verbatim
mysql> quit
Bye
%@endverbatim
The unit tests are run automatically when "make check" is executed (providing
that Kea has been built with the \c --with-mysql switch (see the installation
section in the Kea Administrator
Reference Manual).
@subsection mysqlUnitTestsTLS MySQL Database with SSL/TLS
Usually MySQL is compiled with SSL/TLS support using OpenSSL.
This is easy to verify using the:
@verbatim
mysql> SHOW GLOBAL VARIABLES LIKE 'have_ssl';
@endverbatim
The variable is documented to have three possible values:
- DISABLED: compiled with TLS support but it was not configured
- YES: compiled with configured TLS support
- NO: not compiled with TLS support
The value of this MySQL global variable is reflected by the
KEA_MYSQL_HAVE_SSL environment variable.
The keatest_secure user requires X509 so a client certificate. Of course
in production a stricter requirement should be used, in particular when
a client certificate should be bound to a particular user.
MySQL unit tests reuse the asiolink library setup. This .my.cnf
configuration file works with MariaDB 10.6.4:
@verbatim
[mysqld]
ssl_cert=/src/lib/asiolink/testutils/ca/kea-server.crt
ssl_key=/src/lib/asiolink/testutils/ca/kea-server.key
ssl_ca=/src/lib/asiolink/testutils/ca/kea-ca.crt
[client-mariadb]
ssl_cert=/src/lib/asiolink/testutils/ca/kea-client.crt
ssl_key=/src/lib/asiolink/testutils/ca/kea-client.key
ssl_ca=/src/lib/asiolink/testutils/ca/kea-ca.crt
ssl-verify-server-cert
@endverbatim
The last statement requires mutual authentication named two way in the
MariaDB documentation. For MySQL versions greater than 5.7.11 this
statement should be replaced by:
@verbatim
[client]
...
ssl-mode=VERIFY_IDENTITY
@endverbatim
On Debian some MySQL packages use GnuTLS instead OpenSSL to provide
the SSL/TLS support: this is known to not work with this proposed setup.
@subsection pgsqlUnitTestsPrerequisites PostgreSQL Database
PostgreSQL set up differs from system to system. Please consult your
operating system-specific PostgreSQL documentation. The remainder of
that section uses Ubuntu 13.10 x64 (with PostgreSQL 9.0+) as an example.
On Ubuntu, PostgreSQL is installed (with sudo apt-get install
postgresql) under user postgres. To create new databases
or add new users, initial commands must be issued under this username:
@verbatim
$ sudo -u postgres psql postgres
[sudo] password for thomson:
psql (9.1.12)
Type "help" for help.
postgres=# CREATE USER keatest WITH PASSWORD 'keatest';
CREATE ROLE
postgres=# CREATE DATABASE keatest;
CREATE DATABASE
postgres=# GRANT ALL PRIVILEGES ON DATABASE keatest TO keatest;
GRANT
postgres=# \q
@endverbatim
PostgreSQL versions earlier than 9.0 don't provide an SQL statement for granting
privileges on all tables in a database. In newer PostgreSQL versions, it is
possible to grant specific privileges on all tables within a schema.
However, this only affects tables which exist when the privileges are granted.
To ensure that the user has specific privileges to tables dynamically created
by the unit tests, the default schema privileges must be altered.
The following example demonstrates how to create the user keatest_readonly,
which has SELECT privilege to the tables within the keatest database,
in Postgres 9.0+. For earlier versions of Postgres, it is recommended to
simply grant full privileges to keatest_readonly, using the
same steps as for the keatest user.
@verbatim
$ psql -U postgres
Password for user postgres:
psql (9.1.12)
Type "help" for help.
postgres=# CREATE USER keatest_readonly WITH PASSWORD 'keatest';
CREATE ROLE
postgres=# \q
$ psql -U keatest
Password for user keatest:
psql (9.1.12)
Type "help" for help.
keatest=> ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES to keatest_readonly;
ALTER DEFAULT PRIVILEGES
keatest=> \q
@endverbatim
Note that the keatest user (rather than postgres) is used to grant
privileges to the keatest_readonly user. This ensures that the SELECT
privilege is granted only on the tables that the keatest user can access
within the public schema.
It seems this no longer works on recent versions of PostgreSQL: if you get
a permission problem on SELECT on the schema_version table for
eatest_readonly, please try with the schema loaded:
@verbatim
$ psql -h localhost -U keatest -d keatest
Password for user keatest:
psql (11.3 (Debian 11.3-1))
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.
keatest=> GRANT SELECT ON ALL TABLES IN SCHEMA public TO keatest_readonly;
GRANT
keatest=> \q
@endverbatim
Now we should be able to log into the newly created database using both user
names:
@verbatim
$ psql -d keatest -U keatest
Password for user keatest:
psql (9.1.12)
Type "help" for help.
keatest=> \q
$ psql -d keatest -U keatest_readonly
Password for user keatest_readonly:
psql (9.1.12)
Type "help" for help.
keatest=>
@endverbatim
If instead of seeing keatest=> prompt, your login is refused with an error
code about failed peer or
Ident authentication failed for user "keatest", it means that
PostgreSQL is configured to check unix username and reject login attempts if
PostgreSQL names are different. To alter that, the PostgreSQL pg_hba.conf
configuration file must be changed. It usually resides at
/var/lib/postgresql/data/pg_hba.conf or at
/etc/postgresql/${version}/main/pg_hba.conf, but you can find out
for sure by running
sudo -u postgres psql -t -c 'SHOW hba_file'. Make sure
that all the authentication methods are changed to "md5" like this:
@verbatim
local all all md5
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
@endverbatim
Another possible problem is that you get no password prompt. This is
most probably because you have no pg_hba.conf config file
and everybody is by default trusted. As it has a very bad effect
on the security you should have been warned this is a highly unsafe
configuration. The solution is the same, i.e., require password or
md5 authentication method.
If you lose the postgres user access you can first add:
@verbatim
local all postgres trust
@endverbatim
to trust only the local postgres user. Note the postgres user can
be pgsql on some systems.
Please consult your PostgreSQL user manual before applying those changes as
those changes may expose your other databases that you run on the same system.
In general case, it is a poor idea to run anything of value on a system
that runs tests. Use caution!
The unit tests are run automatically when "make check" is executed (providing
that Kea has been build with the \c --with-pgsql switch (see the installation
section in the Kea Administrator
Reference Manual).
@section unitTestsKerberos Kerberos Configuration for Unit Tests
The GSS-TSIG hook library uses the GSS-API with Kerberos. While there are
no doubts that the hook can be safely used with a valid Kerberos configuration
in production, unit tests reported problems on some systems.
GSS-TSIG hook unit tests use a setup inherited from bind9 with old crypto
settings which are not allowed by default Kerberos system configuration.
A simple workaround is to set the KRB5_CONFIG environment variable to
a random value that doesn't match a file (e.g. KRB5_CONFIG=).
@section writingShellScriptsAndTests Writing shell scripts and tests
Shell tests are `shellcheck`ed. But there are other writing practices that are
good to follow in order to keep, not only shell tests, but shell scripts in
general, POSIX-compliant. See below:
- For portability, all shell scripts should have a shebang.
@code
#!/bin/sh
@endcode
The `sh` shell can differ on various operating systems. On most systems it is
GNU sh. Notable exceptions are Alpine which links it to ash, FreeBSD which has
the primordial non-GNU sh, Ubuntu which links it to dash. These four shells
should all be tested against, when adding shell scripts or making changes to
them.
- Reference variables with curly brackets.
@code
${var} # better
$var
@endcode
For consistency with cases where you need advanced features from the variables
which make the curly brackets mandatory. Such cases are:
@code
# Retrieving variable/string length...
${#var}
# Defaulting to a given value when the variable is undefined...
${var-default}
# Substituting the variable with a given value when the variable is defined...
${var+value}
# Concatenating the value of a variable with an alphanumeric constant...
${var}constant
@endcode
- Always use `printf` instead of `echo`. There are times when a newline is not
desired such as when you want to print on a single line from multiple points
in your script or when you want to get the character count from an expression:
@code
var1='not '
var2=' you want to ignore'
# Prints the number of characters.
printf '%s' "${var1}something${var2}" | wc -c
# Result:
32
# This one prints a plus one i.e. the inherent newline.
echo "${var1}something${var2}" | wc -c
# Result:
33
# `echo` does have `-n` to suppress newline, but...
# SC2039: In POSIX sh, echo flags are undefined.
echo -n "${var1}something${var2}" | wc -c
# Result:
32 # sometimes, other times an error
@endcode
`printf` also has the benefit of separating the format from the actual variables
which has many use cases. One such use case is coloring output with ANSI escape
sequence codes, see the `test_finish` function in
`src/lib/testutils/dhcp_test_lib.sh.in`, which is not possible with POSIX echo.
- `set -e` should be enabled at all times to immediately fail when a command
returns a non-zero exit code. There are times when you expect a non-zero exit
code in your tests. This is what the `run_command` function in
`src/lib/testutils/dhcp_test_lib.sh.in` is for. It momentarily disables the `-e`
flag to capture the output and exit code and enables it again afterwards. The
variables used are `${EXIT_CODE}` and `${OUTPUT}`. /dev/stderr is not captured.
`run_command` also doesn't work with pipes and redirections. When these
mechanisms are needed, you can always wrap your complex expression in a function
and then call `run_command wrapping_function`. Alternatively, if you only care
about checking for zero exit code, you can use `if` conditions.
@code
# The non-zero exit code does not stop script execution, but we can still adjust
# behavior based on it.
if maybe-failing-command; then
f
else
g
fi
@endcode
There are times when your piped or redirected command that is expected to return
non-zero is so small or has so few instantiations that it doesn't deserve a
separate function. Such an example could be grepping for something in a
variable. `grep` returns a non-zero exit code if it doesn't find anything. In
that case, you can add `|| true` at the end to signal the fact that you allow
finding nothing like so:
@code
printf '%s' "${var}" | grep -F 'search-criterion' || true
@endcode
- `set -u` should be enabled at all times to immediately signal an undefined
variable. If you're a stickler for the legacy behavior of defaulting to an empty
space then you can reference all your variables with:
@code
# Default variable is an empty space.
${var-}
# Or like this if you prefer to quote the empty space.
${var-''}
@endcode
- SC2086: Double quote to prevent globbing and word splitting.
Even though covered by shellcheck, it's worth mentioning because shellcheck
doesn't always warn you because of what might be a systematic deduction of when
quoting is not needed. Globbing is a pattern matching mechanism. It's used a lot
with the `*` wildcard character e.g. `ls *.txt`. Sometimes, you want to glob
intentionally. In that case, you can omit quoting, but it is preferable to take
the wildcard characters outside the variable so that you are able to quote to
prevent other globbing and word splitting e.g.:
@code
# Globbing done right
ls "${var}"*.txt
# Word splitting problem
path='/home/my user'
ls ${path}
# Result:
ls: cannot access '/home/my': No such file or directory
ls: cannot access 'user': No such file or directory
# Word splitting avoided
path='/home/my user'
ls "${path}"
# Result:
Desktop
Documents
Downloads
@endcode
If you have an expression composed of multiple variables don't just quote the
variables. It's correct, but not readable. Quote the entire expression.
@code
# no
"${var1}"some-fixed-contiguous-value"${var2}"
# yes
"${var1}some-fixed-contiguous-value${var2}"
@endcode
- Single quote expressions when no variables are inside. This is to avoid the
need to escape special shell characters like `$`.
- All shell tests are created from `.in` autoconf template files. They
initially contain template variables like `@prefix@` which are then substituted
with the configured values. All of these should be double quoted, not
single-quoted since they themselves can contain shell variables that need to be
expanded.
- Use `$(...)` notation instead of legacy backticks. One important advantage is
that the `$(...)` notation allows for nested executions.
@code
# SC2006 Use `$(...)` notation instead of legacy backticked `...`.
hostname=`cat /etc/hostname`
# Better
hostname=$(cat /etc/hostname)
# Nested executions
is_ssh_open=$(nc -vz $(cat /etc/hostname).lab.isc.org 22)
# Results in confusing "command not found" messages.
is_ssh_open=`nc -vz `cat /etc/hostname`.lab.isc.org 22`
@endcode
- When using `test` and `[`, `==` is just a convenience alias for `=`. Use `=`
because it's more widely supported. If using, `[[`, then indeed `==` has extra
features like glob matching. But don't use `[[`, it's not part of the POSIX
standard.
- Capturing parameters in functions or scripts simply cannot be done without
breaking POSIX compliance. In POSIX, pass the quoted parameters `"${@}"` as
positional parameters to all the function and scripts invocations. if it gets
too unmanageable or you need custom positional arguments then break your script
into multiple scripts or handle all possible parameters and don't accept any
ad-hoc parameters.
@code
# Neither of these preserve original quoting.
parameters="${*}"
parameters="${@}"
# In advanced shells this could be done with lists.
parameters=( "${@}" )
do-something --some --other --optional --parameters "${parameters[@]}"
# Proper POSIX way
do-something --some --other --optional --parameters "${@}"
@endcode
- Never use `eval`. It doesn't preserve original quoting. Have faith that there
are always good alternatives.
*/