def test_keybaseca_sign(self, test_config):
# Stdout contains a useful message
with open("/shared/keybaseca-sign.out") as f:
assert "Provisioned new certificate" in f.read()
# SSH with that certificate should just work for every team
assert_contains_hash(
test_config.expected_hash,
run_command(
f"ssh -q -o StrictHostKeyChecking=no -i "
f"/shared/userkey user@sshd-prod 'sha1sum /etc/unique'"),
)
assert_contains_hash(
test_config.expected_hash,
run_command(
f"ssh -q -o StrictHostKeyChecking=no -i "
f"/shared/userkey root@sshd-prod 'sha1sum /etc/unique'"),
)
assert_contains_hash(
test_config.expected_hash,
run_command(
f"ssh -q -o StrictHostKeyChecking=no -i "
f"/shared/userkey user@sshd-staging 'sha1sum /etc/unique'"),
)
assert_contains_hash(
test_config.expected_hash,
run_command(
f"ssh -q -o StrictHostKeyChecking=no -i "
f"/shared/userkey root@sshd-prod 'sha1sum /etc/unique'"),
)
# Checking that it actually contains the correct principals
assert get_principals("/shared/userkey-cert.pub") == set(
test_config.subteams)
def tearDown(self):
self.rods_session.assert_icommand(
'icd') # for home directory assumption
self.rods_session.assert_icommand(
['ichmod', '-r', 'own', self.rods_session.username, '.'])
self.rods_session.run_icommand([
'imcoll', '-U',
self.rods_session.home_collection + '/test/phypathreg'
])
self.rods_session.run_icommand(
'irm -rf test ruletest forphymv sub1 sub2 sub3 bagit rules bagit.tar /'
+ self.rods_session.zone_name + '/bundle/home/' +
self.rods_session.username)
self.rods_session.assert_icommand('iadmin rmresc testallrulesResc')
self.rods_session.assert_icommand('iadmin rmuser devtestuser')
self.rods_session.assert_icommand(
'iqdel -a') # remove all/any queued rules
# cleanup mods in iRODS config dir
lib.run_command('mv -f {0}/core.re.bckp {0}/core.re'.format(
self.conf_dir, self.conf_dir))
lib.run_command('rm -f %s/*.test.re' % self.conf_dir)
self.rods_session.__exit__()
super(Test_AllRules, self).tearDown()
def test_kssh_spoofed_config(self, test_config):
# Test that even when kssh is forced to run by a spoofed config, the CA bot ignores messages that are in the
# wrong channel
with outputs_audit_log(test_config,
filename="/shared/ca.log",
expected_number=0):
client_config = json.dumps({
'teamname': f"{test_config.subteam}.ssh",
"channelname": "",
"botname": test_config.bot_username
})
run_command(
f"echo '{client_config}' | keybase fs write /keybase/team/{test_config.subteam}.ssh/kssh-client.config"
)
for s in [
'user@sshd-staging', 'root@sshd-staging', 'user@sshd-prod',
'root@sshd-prod'
]:
try:
run_command_with_agent(
f"""bin/kssh -q -o StrictHostKeyChecking=no {s} "sha1sum /etc/unique" """
)
assert False
except subprocess.CalledProcessError as e:
assert b"Failed to get a signed key from the CA: timed out while waiting for a response from the CA" in e.output
def test_configuration_schema_validation_from_file(self):
schemas_git_dir = tempfile.mkdtemp(prefix='irods-test_configuration_schema_validation_from_file-git')
with lib.directory_deleter(schemas_git_dir):
schemas_repo = 'https://github.com/irods/irods_schema_configuration'
lib.run_command(['git', 'clone', schemas_repo, schemas_git_dir])
schemas_branch = 'v3'
lib.run_command(['git', 'checkout', schemas_branch], cwd=schemas_git_dir)
schemas_deploy_dir = tempfile.mkdtemp(prefix='irods-test_configuration_schema_validation_from_file-schemas')
with lib.directory_deleter(schemas_deploy_dir):
lib.assert_command(['python', os.path.join(schemas_git_dir, 'deploy_schemas_locally.py'), '--output_directory_base', schemas_deploy_dir])
with lib.file_backed_up(os.path.join(lib.get_irods_config_dir(), 'server_config.json')) as server_config_filename:
with open(server_config_filename) as f:
server_config = json.load(f)
server_config['schema_validation_base_uri'] = 'file://' + schemas_deploy_dir
lib.update_json_file_from_dict(server_config_filename, server_config)
irodsctl_fullpath = os.path.join(lib.get_irods_top_level_dir(), 'iRODS', 'irodsctl')
if lib.is_jsonschema_installed():
expected_lines = ['Validating [{0}]... Success'.format(os.path.expanduser('~/.irods/irods_environment.json')),
'Validating [{0}/server_config.json]... Success'.format(lib.get_irods_config_dir()),
'Validating [{0}/VERSION.json]... Success'.format(lib.get_irods_top_level_dir()),
'Validating [{0}/hosts_config.json]... Success'.format(lib.get_irods_config_dir()),
'Validating [{0}/host_access_control_config.json]... Success'.format(lib.get_irods_config_dir())]
if not configuration.TOPOLOGY_FROM_RESOURCE_SERVER:
expected_lines.append('Validating [{0}/database_config.json]... Success'.format(lib.get_irods_config_dir()))
lib.assert_command([irodsctl_fullpath, 'restart'], 'STDOUT_MULTILINE', expected_lines)
else:
lib.assert_command([irodsctl_fullpath, 'restart'], 'STDERR_SINGLELINE', 'jsonschema not installed', desired_rc=0)
def test_ping_pong_command(self, test_config):
run_command(f"keybase chat send --channel ssh-provision \
{test_config.subteam}.ssh 'ping @{test_config.bot_username}'")
time.sleep(5)
recent_messages = run_command(f"keybase chat list-unread --since 1m")
assert (b"pong @%s" %
test_config.username.encode("utf-8")) in recent_messages
def pytest_sessionfinish(session, exitstatus):
# Automatically run after all tests in order to ensure that no kssh-client config files stick around
tc = TestConfig.getDefaultTestConfig()
run_command(f"keybase fs rm /keybase/team/{tc.subteam}.ssh/kssh-client.config || true" )
run_command(f"keybase fs rm /keybase/team/{tc.subteam}.ssh.staging/kssh-client.config || true" )
run_command(f"keybase fs rm /keybase/team/{tc.subteam}.ssh.prod/kssh-client.config || true" )
run_command(f"keybase fs rm /keybase/team/{tc.subteam}.ssh.root_everywhere/kssh-client.config || true" )
run_command(f"keybase fs rm /keybase/team/{tc.subteam_secondary}/kssh-client.config || true" )
def test_kssh_alternate_binary(self, test_config):
# Test it by creating another keybase binary earlier in the path and running kssh. This isn't a perfect test but it is
# enough to smoketest it
run_command("echo '#!/bin/bash' | sudo tee /usr/local/bin/keybase")
run_command("sudo chmod +x /usr/local/bin/keybase")
try:
run_command("bin/kssh --set-keybase-binary /usr/bin/keybase")
assert_contains_hash(test_config.expected_hash, run_command_with_agent("bin/kssh -q -o StrictHostKeyChecking=no user@sshd-staging 'sha1sum /etc/unique'"))
run_command("bin/kssh --set-keybase-binary ''")
finally:
run_command("sudo rm /usr/local/bin/keybase")
def test_configuration_schema_validation_from_file(self):
schemas_git_dir = tempfile.mkdtemp(
prefix='irods-test_configuration_schema_validation_from_file-git')
with lib.directory_deleter(schemas_git_dir):
schemas_repo = 'https://github.com/irods/irods_schema_configuration'
lib.run_command(['git', 'clone', schemas_repo, schemas_git_dir])
schemas_branch = 'v3'
lib.run_command(['git', 'checkout', schemas_branch],
cwd=schemas_git_dir)
schemas_deploy_dir = tempfile.mkdtemp(
prefix=
'irods-test_configuration_schema_validation_from_file-schemas')
with lib.directory_deleter(schemas_deploy_dir):
lib.assert_command([
'python',
os.path.join(schemas_git_dir, 'deploy_schemas_locally.py'),
'--output_directory_base', schemas_deploy_dir
])
with lib.file_backed_up(
os.path.join(
lib.get_irods_config_dir(),
'server_config.json')) as server_config_filename:
with open(server_config_filename) as f:
server_config = json.load(f)
server_config[
'schema_validation_base_uri'] = 'file://' + schemas_deploy_dir
lib.update_json_file_from_dict(server_config_filename,
server_config)
irodsctl_fullpath = os.path.join(
lib.get_irods_top_level_dir(), 'iRODS', 'irodsctl')
if lib.is_jsonschema_installed():
expected_lines = [
'Validating [/var/lib/irods/.irods/irods_environment.json]... Success',
'Validating [/etc/irods/server_config.json]... Success',
'Validating [/var/lib/irods/VERSION.json]... Success',
'Validating [/etc/irods/hosts_config.json]... Success',
'Validating [/etc/irods/host_access_control_config.json]... Success'
]
if not configuration.TOPOLOGY_FROM_RESOURCE_SERVER:
expected_lines.append(
'Validating [/etc/irods/database_config.json]... Success'
)
lib.assert_command([irodsctl_fullpath, 'restart'],
'STDOUT_MULTILINE', expected_lines)
else:
lib.assert_command([irodsctl_fullpath, 'restart'],
'STDERR_SINGLELINE',
'jsonschema not installed',
desired_rc=0)
def test_ssl_iput_with_rods_env(self):
lib.run_command('openssl genrsa -out server.key')
lib.run_command('openssl req -batch -new -key server.key -out server.csr')
lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365')
lib.run_command('openssl dhparam -2 -out dhparams.pem 100') # normally 2048, but smaller size here for speed
service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json')
with lib.file_backed_up(service_account_environment_file_path):
server_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
}
lib.update_json_file_from_dict(service_account_environment_file_path, server_update)
client_update = {
'irods_client_server_policy': 'CS_NEG_REQUIRE',
'irods_ssl_verify_server': 'none',
}
session_env_backup = copy.deepcopy(self.admin.environment_file_contents)
self.admin.environment_file_contents.update(client_update)
filename = 'encryptedfile.txt'
filepath = lib.create_local_testfile(filename)
self.admin.assert_icommand(['iinit', self.admin.password])
self.admin.assert_icommand(['iput', filename])
self.admin.assert_icommand(['ils', '-L', filename], 'STDOUT', filename)
self.admin.environment_file_contents = session_env_backup
for f in ['server.key', 'server.csr', 'chain.pem', 'dhparams.pem']:
os.unlink(f)
lib.restart_irods_server()
def tearDown(self):
self.rods_session.assert_icommand('icd') # for home directory assumption
self.rods_session.assert_icommand(['ichmod', '-r', 'own', self.rods_session.username, '.'])
self.rods_session.run_icommand(['imcoll', '-U', self.rods_session.home_collection + '/test/phypathreg'])
self.rods_session.run_icommand('irm -rf test ruletest forphymv sub1 sub2 sub3 bagit rules bagit.tar /' + self.rods_session.zone_name + '/bundle/home/' + self.rods_session.username)
self.rods_session.assert_icommand('iadmin rmresc testallrulesResc')
self.rods_session.assert_icommand('iadmin rmuser devtestuser')
self.rods_session.assert_icommand('iqdel -a') # remove all/any queued rules
# cleanup mods in iRODS config dir
lib.run_command('mv -f {0}/core.re.bckp {0}/core.re'.format(self.conf_dir, self.conf_dir))
lib.run_command('rm -f %s/*.test.re' % self.conf_dir)
self.rods_session.__exit__()
super(Test_AllRules, self).tearDown()
def test_irodsFs_bonnie(self):
bonnie_locations = [
'/usr/local/sbin/bonnie++',
'/usr/local/bin/bonnie++',
'/usr/sbin/bonnie++',
'/usr/bin/bonnie++',
]
for l in bonnie_locations:
if os.path.isfile(l):
bonnie = l
break
else:
assert False, 'bonnie++ binary not found'
rc, out, err = lib.run_command(
[bonnie, '-r', '1', '-c', '2', '-n', '10', '-d', self.mount_point])
formatted_output = '\n'.join([
'rc [{0}]'.format(rc), 'stdout:\n{0}'.format(out),
'stderr:\n{0}'.format(err)
])
assert rc == 0, formatted_output
assert '-Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--' in out, formatted_output
assert '-Create-- --Read--- -Delete-- -Create-- --Read--- -Delete--' in out, formatted_output
def test_get_null_perms__2833(self):
base_name = 'test_dir_for_perms'
local_dir = os.path.join(self.testing_tmp_dir, base_name)
local_files = lib.make_large_local_tmp_dir(local_dir, 30, 10)
self.admin.assert_icommand(['iput', '-r', local_dir])
rods_files = lib.ils_output_to_entries(self.admin.run_icommand(['ils', base_name])[1])
test_dir = 'test_get_null_perms__2833_dir'
self.admin.assert_icommand(['ichmod','-r','null',self.admin.username,base_name])
self.admin.assert_icommand(['ichmod','read',self.admin.username,base_name+'/'+rods_files[-1]])
self.admin.assert_icommand(['iget','-r',base_name,test_dir],'STDERR_SINGLELINE','CAT_NO_ACCESS_PERMISSION')
assert os.path.isfile(os.path.join(test_dir,'junk0029'))
self.admin.assert_icommand(['ichmod','-r','own',self.admin.username,base_name])
lib.run_command(['rm','-rf',test_dir])
def interrupt_icommand(self, fullcmd, filename, filesize):
''' Runs an icommand, but does not let it complete.
This function terminates the icommand once filename reaches (>=)
filesize in bytes.
Asserts that the icommand was successfully terminated early.
'''
filename = os.path.abspath(filename)
parameters = shlex.split(fullcmd)
print "\n"
print "INTERRUPTING iCMD"
print "running icommand: " + self.username + "[" + fullcmd + "]"
print " filename set to: [" + filename + "]"
print " filesize set to: [" + str(filesize) + "] bytes"
lib.write_to_log('server', ' --- interrupt icommand [{0}] --- \n'.format(fullcmd))
env = os.environ.copy()
env['IRODS_ENVIRONMENT_FILE'] = self._environment_file_path
env['IRODS_AUTHENTICATION_FILE'] = self._authentication_file_path
self._write_environment_file()
timeout = 30
begin = time.time()
granularity = 0.005
p = subprocess.Popen(parameters, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env)
while time.time() - begin < timeout and (not os.path.exists(filename) or os.stat(filename).st_size < filesize):
time.sleep(granularity)
if (time.time() - begin) >= timeout:
print lib.run_command(['ls', '-l', os.path.dirname(filename)])[1]
out, err = p.communicate()
print out, err
print self.run_icommand(['ils', '-l'])[1]
assert False
elif p.poll() is None:
p.terminate()
else:
assert False
return 0
def test_izonereport_and_validate(self):
# bad URL
self.admin.assert_icommand("izonereport > out.txt", use_unsafe_shell=True)
rc, out, err = lib.run_command('python ../../iRODS/scripts/python/validate_json.py out.txt https://example.org/badurl')
print "izonereport stdout: "+out
print "izonereport stderr: "+err
assert "WARNING: Validation Failed" in err, err
assert "ValueError: No JSON object could be decoded" in err, err
assert rc == 0, rc
# good URL
self.admin.assert_icommand("izonereport > out.txt", use_unsafe_shell=True)
rc, out, err = lib.run_command('python ../../iRODS/scripts/python/validate_json.py out.txt https://schemas.irods.org/configuration/v2/zone_bundle.json')
print "izonereport stdout: "+out
print "izonereport stderr: "+err
assert "Validating" in out, out
assert "... Success" in out, out
assert rc == 0, rc
# cleanup
os.remove('out.txt')
def test_authentication_PAM_with_server_params(self):
lib.run_command('openssl genrsa -out server.key')
lib.run_command('openssl req -batch -new -key server.key -out server.csr')
lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365')
lib.run_command('openssl dhparam -2 -out dhparams.pem 100') # normally 2048, but smaller size here for speed
service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json')
with lib.file_backed_up(service_account_environment_file_path):
server_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
}
lib.update_json_file_from_dict(service_account_environment_file_path, server_update)
client_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
'irods_authentication_scheme': 'PaM',
'irods_client_server_policy': 'CS_NEG_REQUIRE',
}
auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents)
self.auth_session.environment_file_contents.update(client_update)
server_config_filename = lib.get_irods_config_dir() + '/server_config.json'
with lib.file_backed_up(server_config_filename):
server_config_update = {
'pam_password_length': 20,
'pam_no_extend': False,
'pam_password_min_time': 121,
'pam_password_max_time': 1209600,
}
lib.update_json_file_from_dict(server_config_filename, server_config_update)
lib.restart_irods_server()
# the test
self.auth_session.assert_icommand(['iinit', self.auth_session.password])
self.auth_session.assert_icommand("icd")
self.auth_session.assert_icommand("ils -L", 'STDOUT_SINGLELINE', "home")
self.auth_session.environment_file_contents = auth_session_env_backup
for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']:
os.unlink(os.path.join(lib.get_irods_top_level_dir(), file))
lib.restart_irods_server()
def test_authentication_PAM_with_server_params(self):
lib.run_command('openssl genrsa -out server.key')
lib.run_command('openssl req -batch -new -key server.key -out server.csr')
lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365')
lib.run_command('openssl dhparam -2 -out dhparams.pem 1024') # normally 2048, but smaller size here for speed
service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json')
with lib.file_backed_up(service_account_environment_file_path):
server_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
}
lib.update_json_file_from_dict(service_account_environment_file_path, server_update)
client_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
'irods_authentication_scheme': 'PaM',
'irods_client_server_policy': 'CS_NEG_REQUIRE',
}
auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents)
self.auth_session.environment_file_contents.update(client_update)
server_config_filename = lib.get_irods_config_dir() + '/server_config.json'
with lib.file_backed_up(server_config_filename):
server_config_update = {
'pam_password_length': 20,
'pam_no_extend': False,
'pam_password_min_time': 121,
'pam_password_max_time': 1209600,
}
lib.update_json_file_from_dict(server_config_filename, server_config_update)
lib.restart_irods_server()
# the test
self.auth_session.assert_icommand(['iinit', self.auth_session.password])
self.auth_session.assert_icommand("icd")
self.auth_session.assert_icommand("ils -L", 'STDOUT_SINGLELINE', "home")
self.auth_session.environment_file_contents = auth_session_env_backup
for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']:
os.unlink(os.path.join(lib.get_irods_top_level_dir(), file))
lib.restart_irods_server()
def test_irodsFs_bonnie(self):
if os.path.isfile('/usr/sbin/bonnie++'):
bonnie = '/usr/sbin/bonnie++'
else:
bonnie = '/usr/bin/bonnie++'
rc, out, err = lib.run_command([bonnie, '-r', '1', '-c', '2', '-n', '10', '-d', self.mount_point])
formatted_output = '\n'.join(['rc [{0}]'.format(rc),
'stdout:\n{0}'.format(out),
'stderr:\n{0}'.format(err)])
assert rc == 0, formatted_output
assert '-Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--' in out, formatted_output
assert '-Create-- --Read--- -Delete-- -Create-- --Read--- -Delete--' in out, formatted_output
def test_authentication_PAM_without_negotiation(self):
lib.run_command('openssl genrsa -out server.key')
lib.run_command('openssl req -batch -new -key server.key -out server.csr')
lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365')
lib.run_command('openssl dhparam -2 -out dhparams.pem 100') # normally 2048, but smaller size here for speed
service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json')
with lib.file_backed_up(service_account_environment_file_path):
server_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
}
lib.update_json_file_from_dict(service_account_environment_file_path, server_update)
client_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
'irods_authentication_scheme': 'PaM',
}
# now the actual test
auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents)
self.auth_session.environment_file_contents.update(client_update)
# server reboot to pick up new irodsEnv settings
lib.restart_irods_server()
# do the reauth
self.auth_session.assert_icommand(['iinit', self.auth_session.password])
# connect and list some files
self.auth_session.assert_icommand('icd')
self.auth_session.assert_icommand('ils -L', 'STDOUT_SINGLELINE', 'home')
# reset client environment to original
self.auth_session.environment_file_contents = auth_session_env_backup
# clean up
for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']:
os.unlink(os.path.join(lib.get_irods_top_level_dir(), file))
# server reboot to pick up new irodsEnv and server settings
lib.restart_irods_server()
def test_authentication_PAM_without_negotiation(self):
lib.run_command('openssl genrsa -out server.key')
lib.run_command('openssl req -batch -new -key server.key -out server.csr')
lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365')
lib.run_command('openssl dhparam -2 -out dhparams.pem 1024') # normally 2048, but smaller size here for speed
service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json')
with lib.file_backed_up(service_account_environment_file_path):
server_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
}
lib.update_json_file_from_dict(service_account_environment_file_path, server_update)
client_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
'irods_authentication_scheme': 'PaM',
}
# now the actual test
auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents)
self.auth_session.environment_file_contents.update(client_update)
# server reboot to pick up new irodsEnv settings
lib.restart_irods_server()
# do the reauth
self.auth_session.assert_icommand(['iinit', self.auth_session.password])
# connect and list some files
self.auth_session.assert_icommand('icd')
self.auth_session.assert_icommand('ils -L', 'STDOUT_SINGLELINE', 'home')
# reset client environment to original
self.auth_session.environment_file_contents = auth_session_env_backup
# clean up
for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']:
os.unlink(os.path.join(lib.get_irods_top_level_dir(), file))
# server reboot to pick up new irodsEnv and server settings
lib.restart_irods_server()
def test_keybaseca_backup(self):
# Test the keybaseca backup command by reading and verifying the private key stored in /shared/cakey.backup
run_command("mkdir -p /tmp/ssh/")
run_command("chown -R keybase:keybase /tmp/ssh/")
with open('/shared/cakey.backup') as f:
keyLines = []
add = False
for line in f:
if "----" in line and "PRIVATE" in line and "BEGIN" in line:
add = True
if add:
keyLines.append(line.strip())
if "----" in line and "PRIVATE" in line and "END" in line:
add = False
key = '\n'.join(keyLines) + '\n'
with open('/tmp/ssh/cakey', 'w+') as f:
f.write(key)
run_command("chmod 0600 /tmp/ssh/cakey")
output = run_command("ssh-keygen -y -e -f /tmp/ssh/cakey")
assert b"BEGIN SSH2 PUBLIC KEY" in output
def test_irm_rf_nested_coll(self):
# test settings
depth = 50
files_per_level = 5
file_size = 5
# make local nested dirs
coll_name = "test_irm_r_nested_coll"
local_dir = os.path.join(self.testing_tmp_dir, coll_name)
local_dirs = lib.make_deep_local_tmp_dir(local_dir, depth, files_per_level, file_size)
# iput dir
self.user0.assert_icommand("iput -r {local_dir}".format(**locals()), "EMPTY")
# force remove collection
self.user0.assert_icommand("irm -rf {coll_name}".format(**locals()), "EMPTY")
self.user0.assert_icommand("ils {coll_name}".format(**locals()), 'STDERR_SINGLELINE', "does not exist")
# make sure no files are left in the vault
user_vault_dir = os.path.join(lib.get_vault_session_path(self.user0), coll_name)
cmd_out = lib.run_command('find {user_vault_dir} -type f'.format(**locals()))
self.assertEqual(cmd_out[1], '')
def test_irodsFs_bonnie(self):
bonnie_locations = ['/usr/local/sbin/bonnie++',
'/usr/local/bin/bonnie++',
'/usr/sbin/bonnie++',
'/usr/bin/bonnie++',
]
for l in bonnie_locations:
if os.path.isfile(l):
bonnie = l
break
else:
assert False, 'bonnie++ binary not found'
rc, out, err = lib.run_command([bonnie, '-r', '1', '-c', '2', '-n', '10', '-d', self.mount_point])
formatted_output = '\n'.join(['rc [{0}]'.format(rc),
'stdout:\n{0}'.format(out),
'stderr:\n{0}'.format(err)])
assert rc == 0, formatted_output
assert '-Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--' in out, formatted_output
assert '-Create-- --Read--- -Delete-- -Create-- --Read--- -Delete--' in out, formatted_output
def run_icommand(self, *args, **kwargs):
self._prepare_run_icommand(args[0], kwargs)
return lib.run_command(*args, **kwargs)
def run_post_scripts(score, client, sl_storage, containername, configuration):
score['post-scripts'] = normalize(score['post-scripts'], score)
for script, args in score['post-scripts'].iteritems():
rc, stdout, stderr = lib.run_command([script]+args)
score['post-scripts'][script] = {'rc': rc, 'stdout': stdout,
'stderr': stderr, 'args': args}
import os, sys
from lib import PyTerm
from lib import JobScanner
from lib import print_help
from lib import run_command
APP_ROOT = os.getenv('APP_ROOT')
#make sure always is set
if APP_ROOT is None:
PyTerm.error("Please export APP_ROOT!")
sys.exit(1)
if len(sys.argv) == 1:
print_help()
else:
run_command(sys.argv[1], sys.argv[2:], APP_ROOT)
