evolix/evobackup
22
0
Fork 1
Code Issues 27 Pull requests 6 Releases 18 Activity

Split tests in a few files and add many tests for incs and checks

Browse source
This commit is contained in:
Jérémy Lecour 2020-04-05 11:42:11 +02:00 committed by Jérémy Lecour
parent d29743357a
commit 5937a2d7aa
5 changed files with 361 additions and 217 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

136
test/checks.bats Normal file
View file

@ -0,0 +1,136 @@
#!/usr/bin/env bats
load test_helper
@test "Check OK for default values" {
touch "${JAILPATH}/var/log/lastlog"
# With default values (2 days critical, 1 day warning),
# a freshly connected jail should be "ok"
run /usr/lib/bkctld/bkctld-check
assert_equal "0" "$status"
}
@test "Check WARNING for default values" {
lastlog_date=$(date -d -2days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
# With default values (2 days critical, 1 day warning),
# a 2 days old jail should be "warning"
run /usr/lib/bkctld/bkctld-check
assert_equal "1" "$status"
}
@test "Check CRITICAL for default values" {
lastlog_date=$(date -d -3days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
# With default values (2 days critical, 1 day warning),
# a 3 days old jail should be "critical"
run /usr/lib/bkctld/bkctld-check
assert_equal "2" "$status"
}
@test "Check OK for custom values" {
lastlog_date=$(date -d -3days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
cat > "/etc/evobackup/${JAILNAME}.d/check_policy" <<OUT
CRITICAL=120
WARNING=96
OUT
# With custom values (5 days critical, 4 days warning),
# a 3 days old jail should be "ok"
run /usr/lib/bkctld/bkctld-check
assert_equal "0" "$status"
}
@test "Check WARNING for custom values" {
lastlog_date=$(date -d -3days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
cat > "/etc/evobackup/${JAILNAME}.d/check_policy" <<OUT
CRITICAL=96
WARNING=48
OUT
# With custom values (4 days critical, 3 days warning),
# a 3 days old jail should be "warning"
run /usr/lib/bkctld/bkctld-check
assert_equal "1" "$status"
}
@test "Check CRITICAL for custom values" {
lastlog_date=$(date -d -10days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
cat > "/etc/evobackup/${JAILNAME}.d/check_policy" <<OUT
CRITICAL=96
WARNING=48
OUT
# With custom values (4 days critical, 3 days warning),
# a 10 days old jail should be "critical"
run /usr/lib/bkctld/bkctld-check
assert_equal "2" "$status"
}
@test "Check OK for disabled WARNING" {
lastlog_date=$(date -d -2days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
cat > "/etc/evobackup/${JAILNAME}.d/check_policy" <<OUT
WARNING=0
OUT
# With custom values (warning disabled, default critical),
# a 2 days old jail should still be "ok"
run /usr/lib/bkctld/bkctld-check
assert_equal "0" "$status"
}
@test "Check WARNING for disabled CRITICAL" {
lastlog_date=$(date -d -3days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
cat > "/etc/evobackup/${JAILNAME}.d/check_policy" <<OUT
CRITICAL=0
OUT
# With custom values (critical disabled, default warning),
# a 3 days old jail should only be "warning"
run /usr/lib/bkctld/bkctld-check
assert_equal "1" "$status"
}
@test "Custom values are parsed with only integers after equal" {
lastlog_date=$(date -d -3days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
cat > "/etc/evobackup/${JAILNAME}.d/check_policy" <<OUT
CRITICAL=0 # foo
OUT
# With custom values (critical disabled, default warning),
# a 3 days old jail should only be "warning"
run /usr/lib/bkctld/bkctld-check
assert_equal "1" "$status"
}
@test "Commented custom values are ignored" {
lastlog_date=$(date -d -3days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
cat > "/etc/evobackup/${JAILNAME}.d/check_policy" <<OUT
# CRITICAL=0
OUT
# With commented custom values (critical disabled),
# a 3 days old jail should still be "critical"
run /usr/lib/bkctld/bkctld-check
assert_equal "2" "$status"
}
@test "Invalid custom values are ignored" {
lastlog_date=$(date -d -3days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
cat > "/etc/evobackup/${JAILNAME}.d/check_policy" <<OUT
CRITICAL=foo
OUT
# With commented custom values (critical disabled),
# a 3 days old jail should still be "critical"
run /usr/lib/bkctld/bkctld-check
assert_equal "2" "$status"
}

92
test/connectivity.bats Normal file
View file

@ -0,0 +1,92 @@
#!/usr/bin/env bats
load test_helper
@test "Without SSH key" {
run cat "${JAILPATH}/root/.ssh/authorized_keys"
assert_equal "$output" ""
}
@test "With SSH key" {
keyfile=/root/bkctld.key.pub
/usr/lib/bkctld/bkctld-key "${JAILNAME}" "${keyfile}"
# The key should be present in the SSH authorized_keys file
run cat "${JAILPATH}/root/.ssh/authorized_keys"
assert_equal "$output" "$(cat ${keyfile})"
}
@test "Custom port" {
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
/usr/lib/bkctld/bkctld-port "${JAILNAME}" "${PORT}"
# A jail should be accessible on the specified SSH port
run nc -vz 127.0.0.1 "${PORT}"
assert_success
}
@test "No IP restriction" {
# A jail has no IP restriction by default in SSH config
run grep "root@0.0.0.0/0" "${JAILPATH}/etc/ssh/sshd_config"
assert_success
}
@test "Single IP restriction" {
# When an IP is added for a jail
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.1"
# An IP restriction should be present in SSH config
run grep "root@10.0.0.1" "${JAILPATH}/etc/ssh/sshd_config"
assert_success
}
@test "Multiple IP restrictions" {
# When multiple IP are added for a jail
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.1"
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.2"
# The corresponding IP restrictions should be present in SSH config
run grep -E -o "root@10.0.0.[0-9]+" "${JAILPATH}/etc/ssh/sshd_config"
assert_line "root@10.0.0.1"
assert_line "root@10.0.0.2"
}
@test "Removing IP restriction" {
# Add an IP
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.1"
# Remove IP
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "0.0.0.0/0"
# All IP restrictions should be removed from SSH config
run grep "root@0.0.0.0/0" "${JAILPATH}/etc/ssh/sshd_config"
assert_success
}
@test "SSH connectivity" {
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
/usr/lib/bkctld/bkctld-port "${JAILNAME}" "${PORT}"
/usr/lib/bkctld/bkctld-key "${JAILNAME}" /root/bkctld.key.pub
ssh_options="-p ${PORT} -i /root/bkctld.key -oStrictHostKeyChecking=no"
# A started jail should be accessible via SSH
run ssh ${ssh_options} root@127.0.0.1 ls
assert_success
/usr/lib/bkctld/bkctld-stop "${JAILNAME}"
# A stopped jail should not be accessible via SSH
run ssh ${ssh_options} root@127.0.0.1 ls
assert_failure
}
@test "Rsync connectivity" {
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
/usr/lib/bkctld/bkctld-port "${JAILNAME}" "${PORT}"
/usr/lib/bkctld/bkctld-key "${JAILNAME}" /root/bkctld.key.pub
ssh_options="-p ${PORT} -i /root/bkctld.key -oStrictHostKeyChecking=no"
# A started jail should be accessible via Rsync
run rsync -a -e "ssh ${ssh_options}" /tmp/ root@127.0.0.1:/var/backup/
assert_success
/usr/lib/bkctld/bkctld-stop "${JAILNAME}"
# A stopped jail should not be accessible via Rsync
run rsync -a -e "${ssh_options}" /tmp/ root@127.0.0.1:/var/backup/
assert_failure
}

101
test/incs.bats Normal file
View file

@ -0,0 +1,101 @@
#!/usr/bin/env bats
load test_helper
@test "Inc policy after jail init" {
# An incs_policy file should exist
run test -e "${CONFDIR}/${JAILNAME}.d/incs_policy"
[ "${status}" -eq 0 ]
}
@test "Normal inc creation" {
/usr/lib/bkctld/bkctld-inc
if is_btrfs "/backup"; then
# On a btrfs filesystem, the inc should be a btrfs volume
run is_btrfs "${INCSPATH}/${INC_NAME}"
assert_success
else
# On an ext4 filesystem, the inc should be a regular directory
run test -d "${INCSPATH}/${INC_NAME}"
assert_success
fi
}
@test "Normal inc creation (with old incs policy)" {
mv "${CONFDIR}/${JAILNAME}.d/incs_policy" "${CONFDIR}/${JAILNAME}"
/usr/lib/bkctld/bkctld-inc
if is_btrfs "/backup"; then
# On a btrfs filesystem, the inc should be a btrfs volume
run is_btrfs "${INCSPATH}/${INC_NAME}"
assert_success
else
# On an ext4 filesystem, the inc should be a regular directory
run test -d "${INCSPATH}/${INC_NAME}"
assert_success
fi
}
@test "No inc creation without inc policy" {
# Remove inc_policy
rm -f "${CONFDIR}/${JAILNAME}.d/incs_policy"
# … and old file
rm -f "${CONFDIR}/${JAILNAME}"
/usr/lib/bkctld/bkctld-inc
run test -d "${INCSPATH}/${INC_NAME}"
assert_failure
}
@test "No inc creation with LOCK" {
run rm -rf "${INCSPATH}"
assert_success
touch "/run/lock/bkctld/inc-${JAILNAME}-${INC_NAME}.lock"
/usr/lib/bkctld/bkctld-inc
run test -d "${INCSPATH}/${INC_NAME}"
assert_failure
}
@test "Recent inc is kept after 'rm'" {
# Setup simple incs policy
echo "+%Y-%m-%d.-0day" > "${CONFDIR}/${JAILNAME}.d/incs_policy"
# Prepare an inc older than the policy
recent_inc_path="${INCSPATH}/${INC_NAME}"
# Create the inc, then run 'rm'
/usr/lib/bkctld/bkctld-inc
/usr/lib/bkctld/bkctld-rm
# Recent inc should be present
run test -d "${recent_inc_path}"
assert_success
}
@test "Older inc is removed by 'rm'" {
# Setup simple incs policy
echo "+%Y-%m-%d.-0day" > "${CONFDIR}/${JAILNAME}.d/incs_policy"
# Prepare an inc older than the policy
recent_inc_path="${INCSPATH}/${INC_NAME}"
older_inc_name=$(date -d -1days +"%Y-%m-%d-%H")
older_inc_path="${INCSPATH}/${older_inc_name}"
# Create the inc, rename it to make it older, then run 'rm'
/usr/lib/bkctld/bkctld-inc
mv "${recent_inc_path}" "${older_inc_path}"
/usr/lib/bkctld/bkctld-rm
# Older inc should be removed
run test -d "${older_inc_path}"
assert_failure
}
# TODO: add many tests for incs (creation and removal)

217
test/main.bats
View file

@ -2,29 +2,6 @@
load test_helper
setup() {
. /usr/lib/bkctld/includes
rm -f /root/bkctld.key*
ssh-keygen -t rsa -N "" -f /root/bkctld.key -q
grep -qE "^BACKUP_DISK=" /etc/default/bkctld || echo "BACKUP_DISK=/dev/vdb" >> /etc/default/bkctld
JAILNAME=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w15 | head -n1)
JAILPATH="/backup/jails/${JAILNAME}"
INCSPATH="/backup/incs/${JAILNAME}"
PORT=$(awk -v min=2222 -v max=2999 'BEGIN{srand(); print int(min+rand()*(max-min+1))}')
INC_NAME=$(date +"%Y-%m-%d-%H")
inode=$(stat --format=%i /backup)
/usr/lib/bkctld/bkctld-init "${JAILNAME}"
}
teardown() {
/usr/lib/bkctld/bkctld-remove "${JAILNAME}" && rm -rf "${INCSPATH}"
}
@test "init-filesystem" {
inode=$(stat --format=%i /backup)
if [ "${inode}" -eq 256 ]; then
@ -38,12 +15,6 @@ teardown() {
fi
}
@test "init-incs-policy" {
# An incs_policy file should exist
run test -e "${CONFDIR}/${JAILNAME}.d/incs_policy"
[ "${status}" -eq 0 ]
}
@test "start" {
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
pid=$(cat "${JAILPATH}/${SSHD_PID}")
@ -96,191 +67,3 @@ teardown() {
run /usr/lib/bkctld/bkctld-is-on "${JAILNAME}"
assert_failure
}
@test "key-absent" {
run cat "${JAILPATH}/root/.ssh/authorized_keys"
assert_equal "$output" ""
}
@test "key-present" {
keyfile=/root/bkctld.key.pub
/usr/lib/bkctld/bkctld-key "${JAILNAME}" "${keyfile}"
# The key should be present in the SSH authorized_keys file
run cat "${JAILPATH}/root/.ssh/authorized_keys"
assert_equal "$output" "$(cat ${keyfile})"
}
@test "port" {
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
/usr/lib/bkctld/bkctld-port "${JAILNAME}" "${PORT}"
# A jail should be accessible on the specified SSH port
run nc -vz 127.0.0.1 "${PORT}"
assert_success
}
@test "ip-none" {
# A jail has no IP restriction by default in SSH config
run grep "root@0.0.0.0/0" "${JAILPATH}/etc/ssh/sshd_config"
assert_success
}
@test "ip-single" {
# When an IP is added for a jail
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.1"
# An IP restriction should be present in SSH config
run grep "root@10.0.0.1" "${JAILPATH}/etc/ssh/sshd_config"
assert_success
}
@test "ip-multiple" {
# When multiple IP are added for a jail
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.1"
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.2"
# The corresponding IP restrictions should be present in SSH config
run grep -E -o "root@10.0.0.[0-9]+" "${JAILPATH}/etc/ssh/sshd_config"
assert_line "root@10.0.0.1"
assert_line "root@10.0.0.2"
}
@test "ip-remove" {
# Add an IP
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.1"
# Remove IP
/usr/lib/bkctld/bkctld-ip "${JAILNAME}" "0.0.0.0/0"
# All IP restrictions should be removed from SSH config
run grep "root@0.0.0.0/0" "${JAILPATH}/etc/ssh/sshd_config"
assert_success
}
@test "inc" {
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
/usr/lib/bkctld/bkctld-inc
if [ "${inode}" -eq 256 ]; then
# On a btrfs filesystem, the inc should be a btrfs volume
run stat --format=%i "${INCSPATH}/${INC_NAME}"
assert_success 256
else
# On an ext4 filesystem, the inc should be a regular directory
run test -d "${INCSPATH}/${INC_NAME}"
assert_success
fi
}
@test "ssh" {
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
/usr/lib/bkctld/bkctld-port "${JAILNAME}" "${PORT}"
/usr/lib/bkctld/bkctld-key "${JAILNAME}" /root/bkctld.key.pub
ssh_options="-p ${PORT} -i /root/bkctld.key -oStrictHostKeyChecking=no"
# A started jail should be accessible via SSH
run ssh ${ssh_options} root@127.0.0.1 ls
assert_success
/usr/lib/bkctld/bkctld-stop "${JAILNAME}"
# A stopped jail should not be accessible via SSH
run ssh ${ssh_options} root@127.0.0.1 ls
assert_failure
}
@test "rsync" {
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
/usr/lib/bkctld/bkctld-port "${JAILNAME}" "${PORT}"
/usr/lib/bkctld/bkctld-key "${JAILNAME}" /root/bkctld.key.pub
ssh_options="-p ${PORT} -i /root/bkctld.key -oStrictHostKeyChecking=no"
# A started jail should be accessible via Rsync
run rsync -a -e "ssh ${ssh_options}" /tmp/ root@127.0.0.1:/var/backup/
assert_success
/usr/lib/bkctld/bkctld-stop "${JAILNAME}"
# A stopped jail should not be accessible via Rsync
run rsync -a -e "${ssh_options}" /tmp/ root@127.0.0.1:/var/backup/
assert_failure
}
@test "check-default-ok" {
touch "${JAILPATH}/var/log/lastlog"
# With default values (2 days critical, 1 day warning),
# a freshly connected jail should be "ok"
run /usr/lib/bkctld/bkctld-check
assert_equal "$status" "0"
}
@test "check-default-warning" {
lastlog_date=$(date -d -2days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
# With default values (2 days critical, 1 day warning),
# a 2 days old jail should be "warning"
run /usr/lib/bkctld/bkctld-check
assert_equal "$status" "1"
}
@test "check-default-critical" {
lastlog_date=$(date -d -3days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
# With default values (2 days critical, 1 day warning),
# a 3 days old jail should be "critical"
run /usr/lib/bkctld/bkctld-check
assert_equal "$status" "2"
}
@test "check-custom-ok" {
lastlog_date=$(date -d -3days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
echo "CRITICAL=120" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
echo "WARNING=96" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
# With custom values (5 days critical, 4 days warning),
# a 3 days old jail should be "ok"
run /usr/lib/bkctld/bkctld-check
assert_equal "$status" "0"
}
@test "check-custom-warning" {
lastlog_date=$(date -d -3days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
echo "CRITICAL=96" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
echo "WARNING=48" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
# With custom values (4 days critical, 3 days warning),
# a 3 days old jail should be "warning"
run /usr/lib/bkctld/bkctld-check
assert_equal "$status" "1"
}
@test "check-custom-critical" {
lastlog_date=$(date -d -10days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
echo "CRITICAL=96" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
echo "WARNING=48" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
# With custom values (4 days critical, 3 days warning),
# a 10 days old jail should be "critical"
run /usr/lib/bkctld/bkctld-check
assert_equal "$status" "2"
}
@test "check-disabled-warning" {
lastlog_date=$(date -d -2days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
echo "WARNING=0" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
# With custom values (warning disabled, default critical),
# a 2 days old jail should still be "ok"
run /usr/lib/bkctld/bkctld-check
assert_equal "$status" "0"
}
@test "check-disabled-critical" {
lastlog_date=$(date -d -3days --iso-8601=seconds)
touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog"
echo "CRITICAL=0" >> "/etc/evobackup/${JAILNAME}.d/check_policy"
# With custom values (critical disabled, default warning),
# a 3 days old jail should only be "warning"
run /usr/lib/bkctld/bkctld-check
assert [ "$status" = "1" ]
}

32
test/test_helper.bash
View file

@ -1,3 +1,35 @@
setup() {
. /usr/lib/bkctld/includes
rm -f /root/bkctld.key*
ssh-keygen -t rsa -N "" -f /root/bkctld.key -q
grep -qE "^BACKUP_DISK=" /etc/default/bkctld || echo "BACKUP_DISK=/dev/vdb" >> /etc/default/bkctld
JAILNAME=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w15 | head -n1)
JAILPATH="/backup/jails/${JAILNAME}"
INCSPATH="/backup/incs/${JAILNAME}"
PORT=$(awk -v min=2222 -v max=2999 'BEGIN{srand(); print int(min+rand()*(max-min+1))}')
INC_NAME=$(date +"%Y-%m-%d-%H")
inode=$(stat --format=%i /backup)
/usr/lib/bkctld/bkctld-init "${JAILNAME}"
}
teardown() {
/usr/lib/bkctld/bkctld-remove "${JAILNAME}" && rm -rf "${INCSPATH}"
}
is_btrfs() {
path=$1
inode=$(stat --format=%i "${path}")
test $inode -eq 256
}
flunk() {
{ if [ "$#" -eq 0 ]; then cat -
else echo "$@"