#!/usr/bin/env bats # shellcheck disable=SC1089,SC1083,SC2154 load test_helper @test "Check jails OK" { run /usr/lib/bkctld/bkctld-check-jails assert_equal "0" "$status" } @test "Check jails OK for default values" { touch "${JAILPATH}/var/log/lastlog" # With default values (2 days critical, 1 day warning), # a freshly connected jail should be "ok" run /usr/lib/bkctld/bkctld-check-jails assert_equal "0" "$status" } @test "Check jails WARNING for default values" { lastlog_date=$(date -d -2days --iso-8601=seconds) touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog" # With default values (2 days critical, 1 day warning), # a 2 days old jail should be "warning" run /usr/lib/bkctld/bkctld-check-jails assert_equal "1" "$status" } @test "Check jails CRITICAL for default values" { lastlog_date=$(date -d -3days --iso-8601=seconds) touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog" # With default values (2 days critical, 1 day warning), # a 3 days old jail should be "critical" run /usr/lib/bkctld/bkctld-check-jails assert_equal "2" "$status" } @test "Check jails OK for custom values" { lastlog_date=$(date -d -3days --iso-8601=seconds) touch --date="${lastlog_date}" "${JAILPATH}/var/log/lastlog" cat > "/etc/evobackup/${JAILNAME}.d/check_policy" < "/etc/evobackup/${JAILNAME}.d/check_policy" < "/etc/evobackup/${JAILNAME}.d/check_policy" < "/etc/evobackup/${JAILNAME}.d/check_policy" < "/etc/evobackup/${JAILNAME}.d/check_policy" < "/etc/evobackup/${JAILNAME}.d/check_policy" < "/etc/evobackup/${JAILNAME}.d/check_policy" < "/etc/evobackup/${JAILNAME}.d/check_policy" < "${firewall_rules_file}" # Without sourcing echo "" > "/etc/default/minifirewall" # … the check should be "warning" run /usr/lib/bkctld/bkctld-check-setup assert_equal "1" "$status" } @test "Check setup OK if firewall rules are sourced" { /usr/lib/bkctld/bkctld-start ${JAILNAME} mkdir --parents /etc/minifirewall.d/ firewall_rules_file="/etc/minifirewall.d/bkctld" set_variable "/etc/default/bkctld" "FIREWALL_RULES" "${firewall_rules_file}" echo "" > "${firewall_rules_file}" # Sourcing file with '.' echo ". ${firewall_rules_file}" > "/etc/default/minifirewall" # … the check should be "ok" run /usr/lib/bkctld/bkctld-check-setup assert_equal "0" "$status" # Sourcing file with 'source' echo "source ${firewall_rules_file}" > "/etc/default/minifirewall" # … the check should be "ok" run /usr/lib/bkctld/bkctld-check-setup assert_equal "0" "$status" } @test "Check setup CRITICAL if jail is stopped" { run /usr/lib/bkctld/bkctld-check-setup assert_equal "2" "$status" } @test "Check setup OK if all jails are started" { /usr/lib/bkctld/bkctld-start ${JAILNAME} run /usr/lib/bkctld/bkctld-check-setup assert_equal "0" "$status" } @test "Check setup OK if jail is supposed to be stopped" { cat > "/etc/evobackup/${JAILNAME}.d/check_policy" < ${stderrPath} # Verify if run grep -E "^stat:" ${stderrPath} assert_failure } # TODO: write many more tests for bkctld-check-incs @test "Check-canary fails if a canary file doesn't exist" { run /usr/lib/bkctld/bkctld-check-canary "${JAILNAME}" assert_equal "$status" "2" assert_line "CRITICAL - ${JAILNAME} - missing /zzz_evobackup_canary file" } @test "Check-canary fails if a canary is missing today's entries" { today="$(date +%Y-%m-%d)" touch "${JAILPATH}/var/backup/zzz_evobackup_canary" run /usr/lib/bkctld/bkctld-check-canary "${JAILNAME}" assert_equal "$status" "2" assert_line "CRITICAL - ${JAILNAME} - No entry for ${today} in /zzz_evobackup_canary file" } @test "Check-canary succeeds if a canary has today's entries" { echo "$(date "+%FT%T%z") bats-test" >> "${JAILPATH}/var/backup/zzz_evobackup_canary" run /usr/lib/bkctld/bkctld-check-canary "${JAILNAME}" assert_success }