1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
|
#!/bin/bash
set -e
pw_file="/etc/kea/kea-api-password"
pw_secret="secret_password_${RANDOM}"
service="kea-ctrl-agent.service"
cleanup() {
/bin/true
}
trap cleanup EXIT
check_perms() {
local file="${1}"
local wanted_perms="${2}"
local perms
perms=$(stat -c %U:%G:%a "${file}")
if [ "${perms}" != "${wanted_perms}" ]; then
echo "## ERROR: permissions are ${perms} and should be ${wanted_perms}"
return 1
else
echo "## OK, permissions are ${perms}"
fi
}
service_status_must_be() {
local service_status
local wanted_status="${1}"
service_status=$(systemctl is-active "${service}" || /bin/true)
systemctl status "${service}" || /bin/true
if [ "${service_status}" != "${wanted_status}" ]; then
echo "## ERROR, service is ${service_status}"
return 1
else
echo "## OK, service is ${service_status}"
fi
}
reconfigure_unconfigured() {
debconf-set-selections << EOF
kea-ctrl-agent kea-ctrl-agent/make_a_choice select unconfigured
EOF
dpkg-reconfigure kea-ctrl-agent
}
reconfigure_password() {
local password="${1}"
debconf-set-selections << EOF
kea-ctrl-agent kea-ctrl-agent/make_a_choice select configured_password
kea-ctrl-agent kea-ctrl-agent/kea_api_password password ${password}
kea-ctrl-agent kea-ctrl-agent/kea_api_password_again password ${password}
EOF
dpkg-reconfigure kea-ctrl-agent
}
reconfigure_random() {
debconf-set-selections << EOF
kea-ctrl-agent kea-ctrl-agent/make_a_choice select configured_random_password
EOF
dpkg-reconfigure kea-ctrl-agent
}
test_fresh_install() {
echo
echo "## Running ${FUNCNAME[0]}"
# On a fresh install, which is the situation we are in as this is the first
# test being run, there is no kea-api-password file, and the service isn't
# running
echo "## Fresh install, default options, there must be no ${pw_file} file"
ls -la "$(dirname ${pw_file})"
test ! -f "${pw_file}"
echo
echo "## With no ${pw_file}, the service must not be running"
service_status_must_be inactive
echo
}
test_service_wont_start_without_pwfile() {
echo
echo "## Running ${FUNCNAME[0]}"
echo "## With no ${pw_file}, service must not start"
ls -la "$(dirname ${pw_file})"
test ! -f "${pw_file}"
echo "## Current status:"
systemctl status "${service}" || /bin/true
echo
echo "## Attempting to start ${service}"
systemctl start "${service}"
service_status_must_be inactive
echo
}
test_configured_password() {
echo
echo "## Running ${FUNCNAME[0]}"
echo "## Reconfiguring kea-ctrl-agent with password ${pw_secret}"
reconfigure_password "${pw_secret}"
echo "## Checking that ${pw_file} exists and has ${pw_secret}"
ls -la "$(dirname ${pw_file})"
test -f "${pw_file}"
generated_pw=$(cat "${pw_file}")
if [ "${generated_pw}" != "${pw_secret}" ]; then
echo "## ERROR, password from ${pw_file} is not equal to ${pw_secret}: ${generated_pw}"
return 1
else
echo "## OK, password from ${pw_file} is ${generated_pw}"
fi
echo "## Checking that ${pw_file} has expected permissions and ownership"
check_perms "${pw_file}" "root:_kea:640"
echo
echo
echo "## Checking that the service is running"
service_status_must_be active
}
test_configured_random_password() {
local generated_pw
echo
echo "## Running ${FUNCNAME[0]}"
echo "## Reconfiguring kea-ctrl-agent with random password option"
reconfigure_random
echo "## Checking that ${pw_file} exists and has a password different from ${pw_secret}"
ls -la "$(dirname ${pw_file})"
test -f "${pw_file}"
generated_pw=$(cat "${pw_file}")
if [ "${generated_pw}" = "${pw_secret}" ]; then
echo "## ERROR, generated random password \"${generated_pw}\" is equal to \"${pw_secret}\""
return 1
else
echo "## OK, generated random password is \"${generated_pw}\""
fi
echo
echo "## Checking that ${pw_file} has expected permissions and ownership"
check_perms "${pw_file}" "root:_kea:640"
echo
echo
echo "## Checking that the service is running"
service_status_must_be active
}
test_unconfigured() {
local -r new_secret="${pw_secret}${pw_secret}"
local contents
echo
echo "## Running ${FUNCNAME[0]}"
echo "## Reconfiguring kea-ctrl-agent with option \"unconfigured\" should leave things as they were"
echo
echo "## Overwriting ${pw_file} with ${new_secret}"
printf "%s" "${new_secret}" > "${pw_file}"
echo "## Reconfiguring"
reconfigure_unconfigured
echo
echo "## ${pw_file} should still contain ${new_secret}"
contents=$(cat "${pw_file}")
if [ "${contents}" != "${new_secret}" ]; then
echo "## ERROR, ${pw_file} now contains \"${contents}\""
return 1
else
echo "## OK, same content"
fi
echo "## Removing ${pw_file} and reconfiguring, a new one should not be created, and the service must be stopped"
rm -f "${pw_file}"
ls -la $(dirname "${pw_file}")
echo "## Reconfiguring"
reconfigure_unconfigured
echo "## ${pw_file} was not recreated"
ls -la $(dirname "${pw_file}")
test ! -f "${pw_file}"
echo "## With no ${pw_file}, the service must not be running"
service_status_must_be inactive
}
test_no_start_with_empty_password() {
echo
echo "## Running ${FUNCNAME[0]}"
echo "## kea-ctrl-agent must not start with an empty password file"
echo
echo "## Truncating ${pw_file}"
truncate -s 0 "${pw_file}"
ls -la $(dirname "${pw_file}")
test ! -s "${pw_file}"
echo
echo "## Restarting kea-ctrl-agent"
systemctl restart "${service}"
echo
echo "## Service must not be started"
service_status_must_be inactive
}
test_empty_password_via_debconf() {
local service_status
local contents
echo
echo "## Running ${FUNCNAME[0]}"
echo "## Reconfiguring with password set to ${pw_secret}"
reconfigure_password "${pw_secret}"
echo
echo "## ${pw_file} must now contain ${pw_secret}"
contents=$(cat "${pw_file}")
if [ "${contents}" != "${pw_secret}" ]; then
echo "## ERROR, ${pw_file} now contains \"${contents}\""
return 1
else
echo "## OK, same content"
fi
echo
echo "## Service must be running"
service_status_must_be active
echo
echo "## Reconfiguring with an empty password should not change the existing password"
# set an empty password (no args)
reconfigure_password
ls -la $(dirname "${pw_file}")
contents=$(cat "${pw_file}")
if [ "${contents}" != "${pw_secret}" ]; then
echo "## ERROR, ${pw_file} now contains \"${contents}\""
return 1
else
echo "## OK, same content"
fi
echo
echo "## Service must be running"
service_status_must_be active
}
test_fresh_install
test_service_wont_start_without_pwfile
test_configured_password
test_configured_random_password
test_unconfigured
test_no_start_with_empty_password
test_empty_password_via_debconf
|
