diff options
Diffstat (limited to 'debian/tests/kea-ctrl-agent-debconf')
| -rw-r--r-- | debian/tests/kea-ctrl-agent-debconf | 254 |
1 files changed, 254 insertions, 0 deletions
diff --git a/debian/tests/kea-ctrl-agent-debconf b/debian/tests/kea-ctrl-agent-debconf new file mode 100644 index 0000000..c3456ca --- /dev/null +++ b/debian/tests/kea-ctrl-agent-debconf @@ -0,0 +1,254 @@ +#!/bin/bash + +set -e + +pw_file="/etc/kea/kea-api-password" +pw_secret="secret_password_${RANDOM}" +service="kea-ctrl-agent.service" + +cleanup() { + /bin/true +} + +trap cleanup EXIT + +check_perms() { + local file="${1}" + local wanted_perms="${2}" + local perms + + perms=$(stat -c %U:%G:%a "${file}") + if [ "${perms}" != "${wanted_perms}" ]; then + echo "## ERROR: permissions are ${perms} and should be ${wanted_perms}" + return 1 + else + echo "## OK, permissions are ${perms}" + fi +} + +service_status_must_be() { + local service_status + local wanted_status="${1}" + service_status=$(systemctl is-active "${service}" || /bin/true) + systemctl status "${service}" || /bin/true + if [ "${service_status}" != "${wanted_status}" ]; then + echo "## ERROR, service is ${service_status}" + return 1 + else + echo "## OK, service is ${service_status}" + fi +} + +reconfigure_unconfigured() { + debconf-set-selections << EOF +kea-ctrl-agent kea-ctrl-agent/make_a_choice select unconfigured +EOF + dpkg-reconfigure kea-ctrl-agent +} + +reconfigure_password() { + local password="${1}" + debconf-set-selections << EOF +kea-ctrl-agent kea-ctrl-agent/make_a_choice select configured_password +kea-ctrl-agent kea-ctrl-agent/kea_api_password password ${password} +kea-ctrl-agent kea-ctrl-agent/kea_api_password_again password ${password} +EOF + dpkg-reconfigure kea-ctrl-agent +} + +reconfigure_random() { + debconf-set-selections << EOF +kea-ctrl-agent kea-ctrl-agent/make_a_choice select configured_random_password +EOF + dpkg-reconfigure kea-ctrl-agent +} + +test_fresh_install() { + echo + echo "## Running ${FUNCNAME[0]}" + # On a fresh install, which is the situation we are in as this is the first + # test being run, there is no kea-api-password file, and the service isn't + # running + echo "## Fresh install, default options, there must be no ${pw_file} file" + ls -la "$(dirname ${pw_file})" + test ! -f "${pw_file}" + + echo + echo "## With no ${pw_file}, the service must not be running" + service_status_must_be inactive + echo +} + +test_service_wont_start_without_pwfile() { + echo + echo "## Running ${FUNCNAME[0]}" + echo "## With no ${pw_file}, service must not start" + ls -la "$(dirname ${pw_file})" + test ! -f "${pw_file}" + echo "## Current status:" + systemctl status "${service}" || /bin/true + echo + echo "## Attempting to start ${service}" + systemctl start "${service}" + service_status_must_be inactive + echo +} + +test_configured_password() { + echo + echo "## Running ${FUNCNAME[0]}" + echo "## Reconfiguring kea-ctrl-agent with password ${pw_secret}" + reconfigure_password "${pw_secret}" + + echo "## Checking that ${pw_file} exists and has ${pw_secret}" + ls -la "$(dirname ${pw_file})" + test -f "${pw_file}" + generated_pw=$(cat "${pw_file}") + if [ "${generated_pw}" != "${pw_secret}" ]; then + echo "## ERROR, password from ${pw_file} is not equal to ${pw_secret}: ${generated_pw}" + return 1 + else + echo "## OK, password from ${pw_file} is ${generated_pw}" + fi + + echo "## Checking that ${pw_file} has expected permissions and ownership" + check_perms "${pw_file}" "root:_kea:640" + echo + + echo + echo "## Checking that the service is running" + service_status_must_be active +} + +test_configured_random_password() { + local generated_pw + + echo + echo "## Running ${FUNCNAME[0]}" + echo "## Reconfiguring kea-ctrl-agent with random password option" + reconfigure_random + + echo "## Checking that ${pw_file} exists and has a password different from ${pw_secret}" + ls -la "$(dirname ${pw_file})" + test -f "${pw_file}" + + generated_pw=$(cat "${pw_file}") + if [ "${generated_pw}" = "${pw_secret}" ]; then + echo "## ERROR, generated random password \"${generated_pw}\" is equal to \"${pw_secret}\"" + return 1 + else + echo "## OK, generated random password is \"${generated_pw}\"" + fi + echo + echo "## Checking that ${pw_file} has expected permissions and ownership" + check_perms "${pw_file}" "root:_kea:640" + echo + + echo + echo "## Checking that the service is running" + service_status_must_be active +} + +test_unconfigured() { + local -r new_secret="${pw_secret}${pw_secret}" + local contents + + echo + echo "## Running ${FUNCNAME[0]}" + echo "## Reconfiguring kea-ctrl-agent with option \"unconfigured\" should leave things as they were" + echo + echo "## Overwriting ${pw_file} with ${new_secret}" + printf "%s" "${new_secret}" > "${pw_file}" + + echo "## Reconfiguring" + reconfigure_unconfigured + + echo + echo "## ${pw_file} should still contain ${new_secret}" + contents=$(cat "${pw_file}") + if [ "${contents}" != "${new_secret}" ]; then + echo "## ERROR, ${pw_file} now contains \"${contents}\"" + return 1 + else + echo "## OK, same content" + fi + + echo "## Removing ${pw_file} and reconfiguring, a new one should not be created, and the service must be stopped" + rm -f "${pw_file}" + ls -la $(dirname "${pw_file}") + echo "## Reconfiguring" + reconfigure_unconfigured + + echo "## ${pw_file} was not recreated" + ls -la $(dirname "${pw_file}") + test ! -f "${pw_file}" + echo "## With no ${pw_file}, the service must not be running" + service_status_must_be inactive +} + +test_no_start_with_empty_password() { + echo + echo "## Running ${FUNCNAME[0]}" + echo "## kea-ctrl-agent must not start with an empty password file" + echo + echo "## Truncating ${pw_file}" + truncate -s 0 "${pw_file}" + ls -la $(dirname "${pw_file}") + test ! -s "${pw_file}" + echo + echo "## Restarting kea-ctrl-agent" + systemctl restart "${service}" + echo + echo "## Service must not be started" + service_status_must_be inactive +} + +test_empty_password_via_debconf() { + local service_status + local contents + + echo + echo "## Running ${FUNCNAME[0]}" + echo "## Reconfiguring with password set to ${pw_secret}" + reconfigure_password "${pw_secret}" + + echo + echo "## ${pw_file} must now contain ${pw_secret}" + contents=$(cat "${pw_file}") + if [ "${contents}" != "${pw_secret}" ]; then + echo "## ERROR, ${pw_file} now contains \"${contents}\"" + return 1 + else + echo "## OK, same content" + fi + + echo + echo "## Service must be running" + service_status_must_be active + + echo + echo "## Reconfiguring with an empty password should not change the existing password" + # set an empty password (no args) + reconfigure_password + ls -la $(dirname "${pw_file}") + contents=$(cat "${pw_file}") + if [ "${contents}" != "${pw_secret}" ]; then + echo "## ERROR, ${pw_file} now contains \"${contents}\"" + return 1 + else + echo "## OK, same content" + fi + + echo + echo "## Service must be running" + service_status_must_be active +} + + +test_fresh_install +test_service_wont_start_without_pwfile +test_configured_password +test_configured_random_password +test_unconfigured +test_no_start_with_empty_password +test_empty_password_via_debconf |